[asterisk-users] SIP password probe

Christopher Harrington chris at acsdi.com
Tue Nov 27 11:58:57 CST 2012 

It's an open source project. Pay a programmer or make the modification
yourself and submit a patch.


On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler <rwheeler at artifact-software.com
> wrote:

> I looking through my logs, I found that people where probing my SIP
> accounts looking for passwords.
> Asterisk was helping them out by processing hundreds of requests per
> minute.
> I did a bit of Googling and this seems to be a frequent knock against
> Asterisk's security.
>
> It would seem pretty simple to add a configuration setting to sip.conf to
> delay the response to a bad account or password.
>
> There is a half measure to confuse the probe by sending the same error
> return for either error.
> It appears that many people have complained that this should be the
> default setting only changed if your are debugging a problem.
>
> There is no reason for a working system to ever have bad passwords so this
> is clearly an attack in almost every case.
>
> A simple delay would solve the problem for most people who use reasonable
> passwords.
>
> I had to install fail2ban which is a PITA but thanks to someone's clear
> recipe, I was able to get it working.
>
> I hope that this can be worked into a release soon.
>
> Ron
>
> --
> Ron Wheeler
> President
> Artifact Software Inc
> email: rwheeler at artifact-software.com
> skype: ronaldmwheeler
> phone: 866-970-2435, ext 102
>
>
> --
> ______________________________**______________________________**_________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/**mailman/listinfo/asterisk-**users<http://lists.digium.com/mailman/listinfo/asterisk-users>
>



-- 
-Chris Harrington
ACSDi Office: 763.559.5800
Mobile Phone: 612.326.4248
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20121127/99f1cce0/attachment.htm>

More information about the asterisk-users mailing list