I appreciate your 2-cents worth.
However, I do not believe they have access to machine If so, they are clever to create three failures in the logs for my benefit before entering the correct one for hijacking. Additionally, I have a lot of sip extensions to hijack and he keeps going for the same one. I was hoping this was something with the MP-118 and someone experienced the same thing with that device. Either way, I posed two questions which are still unanswered and probably I will never get answered: 1 - is this a vulnerability in the MP-118 2 - what method could they possibly be using to hijack a number-alpha extension which is creative to begin with ie) 203-Joes_Insurance_Service with an openssl generated password of 12 characters. Thanks, --E From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Larry Moore Sent: Saturday, January 21, 2012 1:34 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Sip Registration Hijacking On 20/01/2012 9:36 AM, eherr wrote: I have a honey pot box with extensions that are not just numbers ie ) 100-MySipUserName And the passwords are from an openssl generated password ie) Gq5VNIjDFWIQoUT6 Is the password stored in sip.conf in plain text or as an MD5? If it is stored in plain text then it may suggest the hijacker has greater access to your system than you realise. My 2-cents worth.
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users