Re: [asterisk-users] lock SIP Account after too many failed logins

[Grygoriy Dobrovolskyy]

2009/1/9 Steve Howes <st...@geekinter.net>

> On 9 Jan 2009, at 16:36, Klaus Darilion wrote:
> > Hi!
> >
> > I want to detect brute-force password hacking attacks - thus if there
> > are too many failed login attempts for a SIP account I want to "lock"
> > this account.
> >
> > Does somebody have any ideas how this could be implemented?
>
> Bad plan? Could quite easily turn into a DoS.
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>


I have the same problem, just look here:

Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:37 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:38 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:39 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:39 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch
Jan  9 15:14:39 NOTICE[338] chan_sip.c: Registration from
'"3CXPhone"<sip:SIP/00085d101...@83.167.156.171:5060>' failed for
'91.171.139.135' - Username/auth name mismatch


It's not a bad idea maybe to create something like maxloginattemts=x

_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users