I looking through my logs, I found that people where probing my SIP
accounts looking for passwords.
Asterisk was helping them out by processing hundreds of requests per minute.
I did a bit of Googling and this seems to be a frequent knock against
Asterisk's security.
It would seem pretty simple to add a configuration setting to sip.conf
to delay the response to a bad account or password.
There is a half measure to confuse the probe by sending the same error
return for either error.
It appears that many people have complained that this should be the
default setting only changed if your are debugging a problem.
There is no reason for a working system to ever have bad passwords so
this is clearly an attack in almost every case.
A simple delay would solve the problem for most people who use
reasonable passwords.
I had to install fail2ban which is a PITA but thanks to someone's clear
recipe, I was able to get it working.
I hope that this can be worked into a release soon.
Ron
--
Ron Wheeler
President
Artifact Software Inc
email: rwhee...@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
