[asterisk-users] SIP password probe

Ron Wheeler rwheeler at artifact-software.com
Sat Nov 24 16:51:29 CST 2012


Looking through my logs, I found that people were probing my SIP 
accounts looking for passwords.
Asterisk was helping them out by processing hundreds of requests per minute.
I did a bit of Googling and this seems to be a frequent knock against 
Asterisk's security.

It would seem pretty simple to add a configuration setting to sip.conf 
to delay the response to a bad account or password.

There is a half measure to confuse the probe by sending the same error 
return for either error.
It appears that many people have complained that this should be the 
default setting, only changed if you are debugging a problem.

There is no reason for a working system to ever have bad passwords so 
this is clearly an attack in almost every case.

A simple delay would solve the problem for most people who use 
reasonable passwords.

I had to install fail2ban which is a PITA but thanks to someone's clear 
recipe, I was able to get it working.

I hope that this can be worked into a release soon.

Ron

-- 
Ron Wheeler
President
Artifact Software Inc
email: rwheeler at artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
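The two mitigations the post touches on are the `alwaysauthreject=yes` setting in sip.conf (the "same error for either error" half measure, which makes Asterisk send the same rejection whether the account is unknown or the password is wrong) and fail2ban, which counts failed-registration log lines per source address and bans an address once it exceeds `maxretry` failures within `findtime`. The following script is an added example, not code from the post or from the Asterisk or fail2ban projects: it parses constructed chan_sip NOTICE lines in the 1.8-era format that fail2ban's asterisk filter matches, applies the same sliding-window rule, and also breaks failures down by reason so you can see whether the log is distinguishing "No matching peer found" from "Wrong password" (the enumeration leak alwaysauthreject closes). The addresses, timestamps, function names and the 5-in-600-seconds threshold are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (documentation IPs, not real hosts), in the
# Asterisk 1.8 chan_sip format that fail2ban's asterisk filter matches.
SAMPLE_LOG = """\
[2012-11-24 16:30:01] NOTICE[1234] chan_sip.c: Registration from '"100" <sip:100@203.0.113.10>' failed for '198.51.100.23:5060' - Wrong password
[2012-11-24 16:30:02] NOTICE[1234] chan_sip.c: Registration from '"101" <sip:101@203.0.113.10>' failed for '198.51.100.23:5060' - No matching peer found
[2012-11-24 16:30:02] NOTICE[1234] chan_sip.c: Registration from '"102" <sip:102@203.0.113.10>' failed for '198.51.100.23:5060' - No matching peer found
[2012-11-24 16:30:03] NOTICE[1234] chan_sip.c: Registration from '"103" <sip:103@203.0.113.10>' failed for '198.51.100.23:5060' - Wrong password
[2012-11-24 16:30:04] NOTICE[1234] chan_sip.c: Registration from '"104" <sip:104@203.0.113.10>' failed for '198.51.100.23:5060' - Wrong password
[2012-11-24 16:31:10] NOTICE[1234] chan_sip.c: Registration from '"200" <sip:200@203.0.113.10>' failed for '192.0.2.77:5060' - Wrong password
[2012-11-24 16:45:00] NOTICE[1234] chan_sip.c: Registration from '"105" <sip:105@203.0.113.10>' failed for '198.51.100.23:5060' - Wrong password
"""

# Matches the failed-registration NOTICE; the port after the IP is optional.
FAILED_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<from>[^']*)' failed for "
    r"'(?P<ip>[0-9.]+)(?::\d+)?' - (?P<reason>.*)$"
)


def parse_failures(text):
    """Return a list of (timestamp, source_ip, reason) for each failed registration."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group("ip"), m.group("reason")))
    return events


def offenders(events, maxretry=5, findtime=timedelta(seconds=600)):
    """Apply fail2ban's rule: ban a source that produces >= maxretry failures
    within any findtime window. Returns {ip: timestamp_of_ban}. Events after
    a ban are ignored, as the firewall rule would drop them."""
    window = defaultdict(deque)
    banned = {}
    for ts, ip, _ in sorted(events):
        if ip in banned:
            continue
        q = window[ip]
        q.append(ts)
        while q and ts - q[0] > findtime:  # slide the window forward
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


def reason_breakdown(events):
    """Per source, count failures by reason. Seeing both 'No matching peer
    found' and 'Wrong password' for one scanner means it can tell existing
    accounts from non-existent ones; alwaysauthreject=yes in sip.conf sends
    the same rejection to the client in both cases."""
    counts = defaultdict(lambda: defaultdict(int))
    for _, ip, reason in events:
        counts[ip][reason] += 1
    return {ip: dict(r) for ip, r in counts.items()}


if __name__ == "__main__":
    evs = parse_failures(SAMPLE_LOG)
    for ip, when in offenders(evs).items():
        print(f"ban {ip} at {when}")
    for ip, reasons in reason_breakdown(evs).items():
        print(ip, reasons)
```

On the sample, 198.51.100.23 crosses five failures within the window at 16:30:04 and is the only source banned; 192.0.2.77 made a single attempt and is left alone, which is the point of the findtime/maxretry pair: a legitimate user mistyping a password once or twice never trips it, while a scanner sending hundreds of requests a minute is cut off within seconds. Note that a fixed server-side delay on bad credentials, as the post proposes, needs the same per-source accounting behind it; a delay applied uniformly to every bad request lets a scanner tie up the server's request handling, which is a different kind of problem.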