[asterisk-users] SIP password probe
Mitul Limbani
mitul at enterux.in
Tue Nov 27 13:11:32 CST 2012
You might want to share the know-how over here if it's not a chan_sip patch.
Mitul
On Nov 28, 2012 12:28 AM, "Ron Wheeler" <rwheeler at artifact-software.com>
wrote:
> On 27/11/2012 12:58 PM, Christopher Harrington wrote:
>
> It's an open source project. Pay a programmer or make the modification
> yourself and submit a patch.
>
> You don't really want me coding!
> I have solved the problem for me.
>
> Just add it to the queue of enhancements for the next time someone is
> working on SIP.
>
> Ron
>
>
>
> On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler <
> rwheeler at artifact-software.com> wrote:
>
>> Looking through my logs, I found that people were probing my SIP
>> accounts looking for passwords.
>> Asterisk was helping them out by processing hundreds of requests per
>> minute.
>> I did a bit of Googling and this seems to be a frequent knock against
>> Asterisk's security.
>>
>> It would seem pretty simple to add a configuration setting to sip.conf to
>> delay the response to a bad account or password.
>>
>> There is a half measure to confuse the probe by sending the same error
>> return for either error.
>> It appears that many people have complained that this should be the
>> default setting only changed if you are debugging a problem.
>>
>> There is no reason for a working system to ever have bad passwords so
>> this is clearly an attack in almost every case.
>>
>> A simple delay would solve the problem for most people who use reasonable
>> passwords.
>>
>> I had to install fail2ban which is a PITA but thanks to someone's clear
>> recipe, I was able to get it working.
>>
>> I hope that this can be worked into a release soon.
>>
>> Ron
>>
>> --
>> Ron Wheeler
>> President
>> Artifact Software Inc
>> email: rwheeler at artifact-software.com
>> skype: ronaldmwheeler
>> phone: 866-970-2435, ext 102
>>
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>> http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
> --
> -Chris Harrington
> ACSDi Office: 763.559.5800
> Mobile Phone: 612.326.4248
>
>
>
>
> --
> Ron Wheeler
> President
> Artifact Software Inc
> email: rwheeler at artifact-software.com
> skype: ronaldmwheeler
> phone: 866-970-2435, ext 102
>
>
>