<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">I had to install fail2ban and configure
it to watch Asterisk.<br>
<br>
Ron<br>
<br>
On 27/11/2012 2:11 PM, Mitul Limbani wrote:<br>
</div>
<blockquote
cite="mid:CAAoGpGS_dnvTknX53BYmk-F5fMqieH5fOYU8qQfv6H0zFrL+KQ@mail.gmail.com"
type="cite">
<p>You might want to share the know how over here if its not a
chan_sip patch.</p>
<p>Mitul</p>
<div class="gmail_quote">On Nov 28, 2012 12:28 AM, "Ron Wheeler"
<<a moz-do-not-send="true"
href="mailto:rwheeler@artifact-software.com">rwheeler@artifact-software.com</a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>On 27/11/2012 12:58 PM, Christopher Harrington wrote:<br>
</div>
<blockquote type="cite">It's an open source project. Pay a
programmer or make the modification yourself and submit a
patch.</blockquote>
You don't really want me coding!<br>
I have solved the problem for me.<br>
<br>
Just add it to the queue of enhancements for the next time
someone is working on SIP.<br>
<br>
Ron<br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Sat, Nov 24, 2012 at 4:51
PM, Ron Wheeler <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:rwheeler@artifact-software.com"
target="_blank">rwheeler@artifact-software.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">I
looking through my logs, I found that people where
probing my SIP accounts looking for passwords.<br>
Asterisk was helping them out by processing hundreds
of requests per minute.<br>
I did a bit of Googling and this seems to be a
frequent knock against Asterisk's security.<br>
<br>
It would seem pretty simple to add a configuration
setting to sip.conf to delay the response to a bad
account or password.<br>
<br>
There is a half measure to confuse the probe by
sending the same error return for either error.<br>
It appears that many people have complained that
this should be the default setting only changed if
your are debugging a problem.<br>
<br>
There is no reason for a working system to ever have
bad passwords so this is clearly an attack in almost
every case.<br>
<br>
A simple delay would solve the problem for most
people who use reasonable passwords.<br>
<br>
I had to install fail2ban which is a PITA but thanks
to someone's clear recipe, I was able to get it
working.<br>
<br>
I hope that this can be worked into a release soon.<br>
<br>
Ron<br>
<br>
-- <br>
Ron Wheeler<br>
President<br>
Artifact Software Inc<br>
email: <a moz-do-not-send="true"
href="mailto:rwheeler@artifact-software.com"
target="_blank">rwheeler@artifact-software.com</a><br>
skype: ronaldmwheeler<br>
phone: <a moz-do-not-send="true"
href="tel:866-970-2435%2C%20ext%20102"
value="+18669702435" target="_blank">866-970-2435,
ext 102</a><br>
<br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a
moz-do-not-send="true"
href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a>
--<br>
New to Asterisk? Join us for a live introductory
webinar every Thurs:<br>
<a moz-do-not-send="true"
href="http://www.asterisk.org/hello"
target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a moz-do-not-send="true"
href="http://lists.digium.com/mailman/listinfo/asterisk-users"
target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
-Chris Harrington<br>
<div>ACSDi Office: <a moz-do-not-send="true"
href="tel:763.559.5800" value="+917635595800"
target="_blank">763.559.5800</a></div>
<div>
<div>Mobile Phone: <a moz-do-not-send="true"
href="tel:612.326.4248" value="+916123264248"
target="_blank">612.326.4248</a></div>
</div>
<div><br>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre cols="72">--
Ron Wheeler
President
Artifact Software Inc
email: <a moz-do-not-send="true" href="mailto:rwheeler@artifact-software.com" target="_blank">rwheeler@artifact-software.com</a>
skype: ronaldmwheeler
phone: 866-970-2435, ext 102</pre>
</div>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a
moz-do-not-send="true" href="http://www.api-digital.com"
target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every
Thurs:<br>
<a moz-do-not-send="true"
href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a moz-do-not-send="true"
href="http://lists.digium.com/mailman/listinfo/asterisk-users"
target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</blockquote>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Ron Wheeler
President
Artifact Software Inc
email: <a class="moz-txt-link-abbreviated" href="mailto:rwheeler@artifact-software.com">rwheeler@artifact-software.com</a>
skype: ronaldmwheeler
phone: 866-970-2435, ext 102</pre>
</body>
</html>