On Tue, Apr 13, 2010 at 04:32:58PM +0200, Hans Witvliet wrote:
> On Tue, 2010-04-13 at 15:49 +0200, Philipp von Klitzing wrote:
> > Hi!
> > 
> > > Any additional security within * is fine, but if someone is simply
> > > drowning your bandwidth, action must be taken at a lower level.
> > > Otherwise you end up re-inventing the wheel for D.o.S. attacks for voip,
> > > mail, ssh, ldap, http, rsync, (or any other service you might be running)
> > 
> > However, I *still* think Asterisk should provide a "delayreject" option 
> > in sip.conf to greatly slow down answering request avalanches. That will 
> > help to address the bandwidth issue if the attacker is configured to wait 
> > for a response before starting the next request.
> > 
> > Apart from that here are the most important messages: Use strong 
> > passwords in sip.conf, and use keys in iax.conf, and avoid usernames that 
> > can be guessed too easily (numbers from 100 to 9999 and first names).
> > 
> 
> Agreed, best would be to only use ssl-certificates for authentication,
> but not all parts involved support that, (to put it mildly...)

Secure authentication won't solve the problem of attackers flooding your
pipe. Especially not if you have an ADSL or similar connection.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.co...@xorcom.com
+972-50-7952406           mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir
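
An added example, not part of the original thread and not Asterisk's own code: a small audit of a sip.conf for the two points quoted above, usernames that are numbers from 100 to 9999 or first names, and weak secrets. The sample file, the first-name list and the 12-character minimum are assumptions made for the example.

```python
import re

# Constructed sample sip.conf for this example (not from the thread).
SAMPLE = """\
[general]
context=default
[101]
secret=101
[john]
secret=Summer2010 ; constructed value
[trunk-7f3kq9]
secret=vG7#qL2w9ZxT4mRb
"""

# Assumptions: a tiny illustrative name list and a local length policy.
FIRST_NAMES = {"john", "mary", "peter", "anna", "david"}
MIN_SECRET_LEN = 12
SECTION = re.compile(r"^\[([^\]]+)\]")


def parse_peers(text):
    """Return {section: {key: value}} for every section except [general]."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = SECTION.match(line)
        if m:
            name = m.group(1)
            current = None if name == "general" else peers.setdefault(name, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return peers


def audit(text):
    """Return {peer: [findings]} for guessable usernames and weak secrets."""
    report = {}
    for name, opts in parse_peers(text).items():
        findings = []
        if name.isdigit() and 100 <= int(name) <= 9999:
            findings.append("numeric username in 100-9999")
        if name.lower() in FIRST_NAMES:
            findings.append("first-name username")
        secret = opts.get("secret", "")
        if secret == name or len(secret) < MIN_SECRET_LEN:
            findings.append("weak secret")  # also covers a missing secret
        if findings:
            report[name] = findings
    return report
```

Peers that authenticate by IP address and legitimately carry no secret will show up as "weak secret" and need a manual look.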
