On Monday 09 February 2009 04:17:47 Gordon Henderson wrote: > On Fri, 6 Feb 2009, oumar ndiaye wrote: > > Is there a way to restrict connection to my asterisk server to users > > based on their IP addresses, and not just password. I have some hackers > > who connect to my server to make illegitimate solicitation calls to > > people. I had to shutdown the server for now until I find a solution. ANY > > HELP? > > I'm curious about hackers getting in when you have username and passwords > set. > > How are they cracking the passwords in the first place?
Typically, the issue is that people set all numeric usernames and passwords, which are incredibly easy to scan for and brute force. If you expand your usernames and passwords to alphanumeric, these activities become exponentially more difficult. -- Tilghman _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users