[asterisk-users] lock SIP Account after too many failed logins

Grygoriy Dobrovolskyy megahohol at gmail.com
Fri Jan 9 11:10:47 CST 2009 

2009/1/9 Steve Howes <steve at geekinter.net>

> On 9 Jan 2009, at 16:36, Klaus Darilion wrote:
> > Hi!
> >
> > I want to detect brute-force password hacking attacks - thus if there
> > are too many failed login attempts for a SIP account I want to "lock"
> > this account.
> >
> > Does somebody have any ideas how this could be implemented?
>
> Bad plan? Could quite easily turn into a DoS.
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>


I have the same problem, just look here:

Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:39 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:39 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:39 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085D101651 at 83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch


It's not a bad idea maybe to create something like maxloginattemts=x
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090109/707e18ef/attachment.htm

More information about the asterisk-users mailing list