[asterisk-users] one for your filters
Dave Platt
dplatt at radagast.org
Wed Jun 23 17:48:19 CDT 2010
> I'm still trying to figure that out. Our SIP usernames are seven digit
> phone numbers, so not really difficult to guess, but the passwords are 7
> char alpha-numeric strings, auto generated. We don't at present restrict
> people to their addresses, as some are dynamic.
If the extension in question is one that is normally accessed via
a SIP soft-phone of some sort, you should check the PC(s) on which
this softphone is run for any sort of malware infection.
There have been more than a few malware packages (viruses or trojans)
which contain payloads that search the compromised system for
various forms of authorization credentials. It's possible that
this extension's password wasn't cracked by brute force, but
was stolen from the soft-phone configuration file on a user's PC.
More information about the asterisk-users
mailing list