On Mar 24, 2009, at 1:04 PM, Kristian Kielhofner wrote:
> On Tue, Mar 24, 2009 at 12:44 PM, Tod Fitch <t...@fitchdesign.com> wrote:
>> On Mar 24, 2009, at 9:18 AM, Philip A. Prindeville wrote:
>>> Yeah, I've seen them before. Turn off "allowguest" in /etc/asterisk/sip.conf
>>>
>>> -Philip
>>
>> Hummm. Wouldn't that block incoming calls from legitimate sources that are using my e164.org entry to call me? Any such calls are routed to a dial plan that only allows calls to internal extensions so I am not too worried about toll billing fraud.
>>
>> And they weren't trying to make calls, they were trying to register (i.e. become something other than a guest/anonymous caller).
>>
>> --Tod
>
> Yes. The concern is not so much people placing calls into the context you have defined in [general] with allowguest=yes but more so with people brute forcing your extensions and placing calls to the PSTN... Several people have been bit by that. There are various solutions in Asterisk being considered but the most effective at this point seems to be filtering and/or strong passwords. Obviously if you are using e.164 filtering is not an option for you and strong passwords are your only defense (as of now).
>
> --
> Kristian Kielhofner
> http://blog.krisk.org
> http://www.submityoursip.com
> http://www.astlinux.org
> http://www.star2star.com
My passwords are all long alpha-numeric strings, unique to each peer and all are generated by a program I wrote that uses a cryptographically nice pseudo-random number generator. So they ought to be relatively secure.
It does seem that Asterisk does not use any scheme to throttle responses to bad requests (i.e. increasingly delayed responses for each unsuccessful login attempt from an IP address). So an attacker could run through a lot of passwords (or peer IDs) per second and eat up a lot of your bandwidth when they are doing it.
--Tod
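As an added example (not code from this thread, from Asterisk or from AstLinux), here is the per-source counting a log watcher would do to spot the rapid bursts of failed REGISTER attempts Tod describes, since Asterisk itself does not throttle them. The log lines are constructed, modelled on the chan_sip NOTICE format; the regex, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, modelled on the chan_sip NOTICE format Asterisk
# writes to its messages log for failed REGISTER attempts (assumption).
SAMPLE_LOG = """\
[Mar 24 13:04:01] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Mar 24 13:04:01] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Mar 24 13:04:02] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[Mar 24 13:04:02] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Mar 24 13:04:03] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[Mar 24 13:05:40] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.9' - Wrong password
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<from>[^']*)' failed for '(?P<ip>[\d.]+)' - (?P<reason>.*)$"
)
EXT_RE = re.compile(r'^"([^"]*)"')  # display name = extension the peer tried


def parse_failures(log_text):
    """Yield (timestamp, source_ip, extension, reason) for each failed REGISTER."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log noise
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # year-less syslog stamp
        ext = EXT_RE.search(m.group("from"))
        yield ts, m.group("ip"), ext.group(1) if ext else m.group("from"), m.group("reason")


def find_brute_force_sources(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {ip: {"failures": n, "extensions": [...]}} for every source IP with
    at least `threshold` failed registrations inside any `window`-long span.
    The extension list shows whether the source is also enumerating peer IDs."""
    stamps_by_ip = defaultdict(list)
    exts_by_ip = defaultdict(set)
    for ts, ip, ext, _reason in parse_failures(log_text):
        stamps_by_ip[ip].append(ts)
        exts_by_ip[ip].add(ext)
    flagged = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        for i in range(threshold - 1, len(stamps)):
            if stamps[i] - stamps[i - threshold + 1] <= window:  # sliding window hit
                flagged[ip] = {"failures": len(stamps), "extensions": sorted(exts_by_ip[ip])}
                break
    return flagged
```

A flagged source is what a firewall rule or a fail2ban-style jail would act on; a single wrong password from 203.0.113.9 stays below the threshold.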
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.