On Sun, Jun 13, 2010 at 3:06 PM, sean darcy <seandar...@gmail.com> wrote:
> But I'm struck with your notion of having sip user ids different from > extensions. That would not require any user effort, or messing with each > phone. But... > It'd be just as much effort as changing the passwords for each phone. You'll have to modify the SIP USERNAME setting on each phone you want to change the username for, the same as modifying the SIP PASSWORD setting for each phone. I'd recommend changing all of the passwords, modifying them on the phones themselves, and then setting up a fail2ban solution that will ban anyone who has more than 5 failed password attempts in less than a few minutes. You can even leave iptables setup to allow all, and just block the IPs that fail2ban triggers on. In your situation, using a password like 0000, you may not end up with 5 failed password attempts, as that's usually one of the first things the scripts out there will try, so fail2ban will only help you if you up your password security. I've had trouble getting the permit/deny trick to work as an IP filter in the past, so instead I went with an iptables / fail2ban solution, along with difficult to guess passwords. -- Thanks, --Warren Selby http://www.selbytech.com
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users