[asterisk-users] how to show used "wrong password"
Randall
randall at songshu.org
Tue Mar 13 11:30:09 CDT 2012
On 03/13/2012 03:53 PM, Kevin P. Fleming wrote:
> On 03/13/2012 08:11 AM, A J Stiles wrote:
>> On Tuesday 13 March 2012, Randall wrote:
>>> hi all,
>>>
>>> have asterisk set up in combination with fail2ban.
>>> all works as expected only there is 1 extension that is trying to
>>> register with a wrong password causing fail2ban to block the IP
>>> address, normally that is ok behaviour but I have several extensions
>>> on that IP address.
>>> ..... snip .....
>>> any way to see which "wrong password" is being used?
>>
>> tcpflow.
>>
>> (And don't underestimate the power of simply disconnecting things
>> until it works ..... last thing you disconnected was the faulty one.)
>
> This will not help. Assuming we are talking about a SIP REGISTER here,
> the password is *not* sent in the request. Asterisk issues a challenge
> including a randomly generated value (called a 'nonce'), then the UA
> attempting to register responds to that challenge with an MD5 digest
> of a string composed of various elements, including both the nonce and
> the shared secret ('password'). Asterisk computes the same digest
> internally, and if they match, then the assumption is that both ends
> know the shared secret.
>
> By their very nature, digest functions are not reversible; given the
> MD5 digest present in an SIP request containing an Authorization
> header, there is no way to figure out what shared secret was used in
> the computation of that digest. Since you know the nonce and the other
> portions of the calculation, you could attempt to try various 'likely'
> passwords to see if any of them result in the same digest value...
> this is called the brute-force method, and it could take a *very* long
> time to arrive at a shared secret that would allow the endpoint to
> register.
>
confirmed,
doesn't work
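
The digest check described in the quoted reply above, as an added example that is not part of the original thread or of Asterisk's code: it parses a captured Authorization header, reports which username (extension) sent it, and recomputes the RFC 2617 MD5 digest with the secret configured for that extension to see whether the two match. The function names, extension numbers, secrets, realm, nonce and hostname are all constructed for illustration.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_digest(header):
    """Parse the value of an Authorization header into a dict of parameters."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest Authorization header")
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', rest)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def digest_response(p, method, secret):
    """RFC 2617 MD5 digest; handles both the no-qop and the qop=auth form."""
    ha1 = md5_hex(f"{p['username']}:{p['realm']}:{secret}")
    ha2 = md5_hex(f"{method}:{p['uri']}")
    if p.get("qop") == "auth":
        return md5_hex(f"{ha1}:{p['nonce']}:{p['nc']}:{p['cnonce']}:auth:{ha2}")
    return md5_hex(f"{ha1}:{p['nonce']}:{ha2}")

def check_register(header, configured, method="REGISTER"):
    """Return (username, bool): does the digest match the configured secret?"""
    p = parse_digest(header)
    user = p["username"]  # sent in clear, so the failing extension is visible
    if user not in configured:
        return user, False
    expected = digest_response(p, method, configured[user])
    return user, hmac.compare_digest(expected, p["response"].lower())

def ua_header(user, secret, realm, nonce, uri):
    """Constructed sample: the header a phone holding `secret` would send."""
    p = {"username": user, "realm": realm, "nonce": nonce, "uri": uri}
    resp = digest_response(p, "REGISTER", secret)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}", algorithm=MD5')

# Constructed values: extensions, secrets, realm, nonces and host are made up.
CONFIGURED = {"1001": "s3cret-1001", "1002": "s3cret-1002"}
SAMPLES = [
    ua_header("1001", "s3cret-1001", "asterisk", "4f2a9c1e", "sip:pbx.example.org"),
    ua_header("1002", "old-secret", "asterisk", "7b30d5aa", "sip:pbx.example.org"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_register(sample, CONFIGURED))
```

The second sample comes back as a mismatch for extension 1002, and the header that produced it contains only the username and the digest, never the secret the phone was configured with.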