[asterisk-users] SIP password probe
Ron Wheeler
rwheeler at artifact-software.com
Tue Nov 27 12:57:35 CST 2012
On 27/11/2012 12:58 PM, Christopher Harrington wrote:
> It's an open source project. Pay a programmer or make the modification
> yourself and submit a patch.
You don't really want me coding!
I have solved the problem for me.
Just add it to the queue of enhancements for the next time someone is
working on SIP.
Ron
>
>
> On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler
> <rwheeler at artifact-software.com> wrote:
>
> In looking through my logs, I found that people were probing my
> SIP accounts looking for passwords.
> Asterisk was helping them out by processing hundreds of requests
> per minute.
> I did a bit of Googling and this seems to be a frequent knock
> against Asterisk's security.
>
> It would seem pretty simple to add a configuration setting to
> sip.conf to delay the response to a bad account or password.
>
> There is a half measure to confuse the probe by sending the same
> error return for either error.
> It appears that many people have complained that this should be
> the default setting, only changed if you are debugging a problem.
>
> There is no reason for a working system to ever have bad passwords
> so this is clearly an attack in almost every case.
>
> A simple delay would solve the problem for most people who use
> reasonable passwords.
>
> I had to install fail2ban which is a PITA but thanks to someone's
> clear recipe, I was able to get it working.
>
> I hope that this can be worked into a release soon.
>
> Ron
>
> --
> Ron Wheeler
> President
> Artifact Software Inc
> email: rwheeler at artifact-software.com
> skype: ronaldmwheeler
> phone: 866-970-2435, ext 102
>
> --
> -Chris Harrington
> ACSDi Office: 763.559.5800
> Mobile Phone: 612.326.4248
>
>
--
Ron Wheeler
President
Artifact Software Inc
email: rwheeler at artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
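
Added example, not part of the original thread: a sliding-window count of failed SIP registrations per source address, the kind of check the fail2ban setup mentioned above performs on the Asterisk log. The log line shape (a chan_sip NOTICE for a rejected REGISTER), the threshold, the window and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape: chan_sip NOTICE for a rejected REGISTER.
# The source may be logged as 'ip' or 'ip:port'; both are accepted.
FAILED_REG = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\].*? Registration from '.*' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - .+$"
)


def find_probers(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return {ip: peak failures inside any `window`} for sources above max_failures."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    peak = defaultdict(int)      # ip -> highest count seen inside one window
    for line in lines:
        m = FAILED_REG.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n > max_failures}


def constructed_sample():
    """Constructed log lines: one rapid prober, one user with an occasional typo."""
    fmt = (
        "[2012-11-24 16:{m:02d}:{s:02d}] NOTICE[2101] chan_sip.c: Registration "
        "from '<sip:{ext}@203.0.113.5>' failed for '{ip}' - {why}"
    )
    lines = [fmt.format(m=40, s=i, ext=100 + i, ip="198.51.100.7",
                        why="Wrong password" if i % 2 else "No matching peer found")
             for i in range(8)]
    lines += [fmt.format(m=m, s=0, ext=204, ip="192.0.2.10", why="Wrong password")
              for m in (10, 25)]
    lines.append("[2012-11-24 16:41:00] VERBOSE[2101] pbx.c: unrelated line")
    return lines


if __name__ == "__main__":
    print(find_probers(constructed_sample()))
```

Both rejection reasons count toward the same total, so the result does not depend on whether the server distinguishes a bad account from a bad password.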