[asterisk-users] SIP password probe
Ron Wheeler
rwheeler at artifact-software.com
Tue Nov 27 13:20:56 CST 2012
I had to install fail2ban and configure it to watch Asterisk.
Ron
On 27/11/2012 2:11 PM, Mitul Limbani wrote:
>
> You might want to share the know-how over here if it's not a chan_sip
> patch.
>
> Mitul
>
> On Nov 28, 2012 12:28 AM, "Ron Wheeler" <rwheeler at artifact-software.com> wrote:
>
> On 27/11/2012 12:58 PM, Christopher Harrington wrote:
>> It's an open source project. Pay a programmer or make the
>> modification yourself and submit a patch.
> You don't really want me coding!
> I have solved the problem for me.
>
> Just add it to the queue of enhancements for the next time someone
> is working on SIP.
>
> Ron
>
>>
>>
>> On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler
>> <rwheeler at artifact-software.com> wrote:
>>
>> Looking through my logs, I found that people were probing
>> my SIP accounts looking for passwords.
>> Asterisk was helping them out by processing hundreds of
>> requests per minute.
>> I did a bit of Googling and this seems to be a frequent knock
>> against Asterisk's security.
>>
>> It would seem pretty simple to add a configuration setting to
>> sip.conf to delay the response to a bad account or password.
>>
>> There is a half measure to confuse the probe by sending the
>> same error return for either error.
>> It appears that many people have complained that this should
>> be the default setting, only changed if you are debugging a
>> problem.
>>
>> There is no reason for a working system to ever have bad
>> passwords so this is clearly an attack in almost every case.
>>
>> A simple delay would solve the problem for most people who
>> use reasonable passwords.
>>
>> I had to install fail2ban which is a PITA but thanks to
>> someone's clear recipe, I was able to get it working.
>>
>> I hope that this can be worked into a release soon.
>>
>> Ron
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by
>> http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar
>> every Thurs:
>> http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>
>>
>>
>> --
>> -Chris Harrington
>> ACSDi Office: 763.559.5800
>> Mobile Phone: 612.326.4248
>>
>>
>
>
--
Ron Wheeler
President
Artifact Software Inc
email: rwheeler at artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
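The thread leaves the "how" of the fail2ban setup as an exercise. What fail2ban actually does for Asterisk is simple enough to show: it watches the Asterisk log for chan_sip's "Registration from ... failed for ..." NOTICE lines and bans a source address once it has produced maxretry failures inside a findtime window. The following is an added example, not code from this thread, from Asterisk or from fail2ban. It implements that sliding-window rule in Python over a handful of log lines that were constructed for the example; the lines follow the shape of chan_sip's registration-failure messages (the failure reasons are the ones fail2ban's stock Asterisk filter matches), but the exact wording depends on the Asterisk version, so the regex should be checked against your own /var/log/asterisk/messages before reuse. The IP addresses, extension numbers and timestamps are all made up. The summary function also breaks the failures down by reason, which makes the enumeration pattern Ron describes visible: a burst of "No matching peer found" as the probe guesses account names, followed by "Wrong password" against names that exist.

```python
"""fail2ban-style detector for chan_sip registration failures (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. Modelled on chan_sip NOTICE lines with logger.conf's
# default "%F %T" date format; not a capture from a real system.
SAMPLE_LOG = """\
[2012-11-24 16:40:01] NOTICE[2711] chan_sip.c: Registration from '"100" <sip:100@203.0.113.10>' failed for '198.51.100.23:5060' - No matching peer found
[2012-11-24 16:40:01] NOTICE[2711] chan_sip.c: Registration from '"101" <sip:101@203.0.113.10>' failed for '198.51.100.23:5060' - No matching peer found
[2012-11-24 16:40:02] NOTICE[2711] chan_sip.c: Registration from '"102" <sip:102@203.0.113.10>' failed for '198.51.100.23:5060' - Wrong password
[2012-11-24 16:40:02] NOTICE[2711] chan_sip.c: Registration from '"103" <sip:103@203.0.113.10>' failed for '198.51.100.23:5060' - Wrong password
[2012-11-24 16:40:03] NOTICE[2711] chan_sip.c: Registration from '"104" <sip:104@203.0.113.10>' failed for '198.51.100.23:5060' - Wrong password
[2012-11-24 16:40:03] NOTICE[2711] chan_sip.c: Registration from '"105" <sip:105@203.0.113.10>' failed for '198.51.100.23:5060' - Wrong password
[2012-11-24 16:41:10] NOTICE[2711] chan_sip.c: Registration from '"201" <sip:201@203.0.113.10>' failed for '192.0.2.7:5060' - Wrong password
[2012-11-24 16:55:30] NOTICE[2711] chan_sip.c: Registration from '"201" <sip:201@203.0.113.10>' failed for '192.0.2.7:5060' - Wrong password
[2012-11-24 16:55:31] VERBOSE[2711] chan_sip.c: -- Registered SIP '201' at 192.0.2.7:5060
"""

# Pattern modelled on chan_sip's registration-failure NOTICE line. The source
# address may carry a ":port" suffix; the reason alternatives are the ones the
# stock fail2ban Asterisk filter looks for. Adjust for your Asterisk version.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<from>[^']*)' failed for '(?P<host>[0-9.]+)(?::\d+)?' - "
    r"(?P<reason>Wrong password|No matching peer found|Username/auth name mismatch|"
    r"Device does not match ACL|Peer is not supposed to register)"
)


def parse_line(line):
    """Return (timestamp, source_ip, reason) for a failure line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return ts, m.group("host"), m.group("reason")


def summarize(lines):
    """Count failures per source IP, broken down by reason."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            _ts, ip, reason = parsed
            counts[ip][reason] += 1
    return {ip: dict(reasons) for ip, reasons in counts.items()}


def find_bans(lines, maxretry=5, findtime=600, bantime=3600):
    """Sliding-window threshold, the rule a fail2ban jail applies: ban a source
    once it has produced `maxretry` failures within `findtime` seconds.
    Returns {ip: ban_expiry}. Failures logged by an address that is already
    banned are ignored, since the firewall rule would have dropped them.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    bans = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, _reason = parsed
        if ip in bans and ts < bans[ip]:
            continue
        hits = recent[ip]
        hits.append(ts)
        while hits and ts - hits[0] > window:
            hits.popleft()  # drop failures that fell out of the window
        if len(hits) >= maxretry:
            bans[ip] = ts + timedelta(seconds=bantime)
            hits.clear()
    return bans


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, reasons in summarize(lines).items():
        print(ip, reasons)
    for ip, until in find_bans(lines).items():
        print("ban", ip, "until", until)
```

On the sample above the first address trips the threshold on its fifth failure and is banned for an hour; the second address fails twice more than ten minutes apart, so its first hit has aged out of the window by the time the second arrives and it is never banned. The "same error return for either error" that Ron calls a half measure is the chan_sip option alwaysauthreject=yes in sip.conf; it changes what the probe is told over SIP, not what Asterisk writes to its own log, which is why log-based banning still works alongside it.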