[asterisk-users] How to stop intruder from registering sip?
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sun Jun 13 13:46:36 CDT 2010
On Sun, Jun 13, 2010 at 10:59:43AM -0700, Dave Platt wrote:
> The O.P. seems to have made two (fairly common) mistakes:
[snip]
> - Used the user's extension number as the SIP user ID... and
> thus making it easy to figure out the user IDs on which a
> password attack could be carried out.
Sadly, this is something that FreePBX (and probably other systems) forces
you to do.
One other minor nit:
> One of your best tools is a program or script to generate
> random sequences of letters and digits and other legal-
> in-SIP-names characters. Try something like
>
>   dd if=/dev/urandom bs=512 count=1 | base64
>
> and then copy some 10- or 12-character substrings out of this
> mass of gibberish and use 'em for SIP secrets. With this many
> bits of randomness in the secrets, they'll be effectively
> invulnerable to guessing or brute force attacks.
Ahem. If you only want that many characters, just get fewer random bits.
This will get you 128 (16 * 8) [pseudo?]random bits:
  head /dev/urandom -c 16 | base64
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
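
Added example, not part of the original message: a shell sketch of the two points raised in this thread, reading only as many random bytes as the secret needs and giving each extension a SIP user ID unrelated to its number. The function names and the sample extensions 100-102 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# sip_secret [BITS]: read only as many random bytes as BITS requires
# (rounded up to whole bytes) and print them base64-encoded.
sip_secret() {
    bits=${1:-128}
    case $bits in
        ''|0*|*[!0-9]*)
            echo "sip_secret: BITS must be a positive integer" >&2
            return 2 ;;
    esac
    bytes=$(( (bits + 7) / 8 ))
    # '=' padding is fixed by the length and carries no randomness;
    # newlines appear only when base64 wraps long output. Drop both.
    head -c "$bytes" /dev/urandom | base64 | tr -d '=\n'
}

# sip_userid [BYTES]: opaque user ID of 2*BYTES hex digits, so the ID
# says nothing about the extension number it belongs to.
sip_userid() {
    head -c "${1:-5}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# gen_credentials EXT...: one "extension userid secret" line per extension.
gen_credentials() {
    for ext in "$@"; do
        printf '%s %s %s\n' "$ext" "$(sip_userid 5)" "$(sip_secret 128)" \
            || return 1
    done
}

# Constructed sample extensions, for illustration only.
gen_credentials 100 101 102
```

A 128-bit secret comes out as 22 base64 characters; asking for 72 bits gives the 12-character length mentioned in the quoted advice without discarding any random data.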