[asterisk-users] Hacked
Jaswinder Singh
vicky.r at gmail.com
Wed Apr 8 16:33:37 CDT 2009
Here's what fail2ban service caught
The IP 89.111.184.221 has just been banned by Fail2Ban after
80 attempts against ASTERISK.
On Wed, Apr 8, 2009 at 7:01 PM, Tilghman Lesher <
tilghman at mail.jeffandtilghman.com> wrote:
> On Tuesday 07 April 2009 11:28:52 Tilghman Lesher wrote:
> > The recent vulnerability had nothing to do with this, but with the
> ability
> > of an attacker to scan a SIP server for legitimate usernames and
> passwords.
> > This, by the way, merely took advantage of the SIP protocol, as written.
> > Normally, SIP allows you to differentiate between invalid usernames (404)
> > and invalid passwords (403). What we closed in the recent vulnerability
> > patch was to allow administrators to send back 403, regardless of whether
> > the username existed or not.
>
> By the way, I am VASTLY oversimplifying the return codes here for the sake
> of
> clarity. The actual return code is based upon a number of factors, but it
> is
> modeled to return the same responses as would a bad password with a
> legitimate
> user account (thus making it impossible, externally, to tell the difference
> between a legitimate user account and a non-existent user account).
>
> --
> Tilghman
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090409/ace52555/attachment.htm
More information about the asterisk-users
mailing list