[asterisk-users] Security Against brute force attack

2009-11-16 Thread Xavier Mesquida
Has Asterisk any protection against brute force attack for SIP authentication?
Something like a maximum login attempt limit 
Thanks




  ___
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Security Against brute force attack

2009-11-16 Thread TDF
fail2ban

http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk


2009/11/16 Xavier Mesquida 

> Has Asterisk any protection against brute force attack for SIP
> authentication?
> Something like a maximum login attempt limit
> Thanks

Re: [asterisk-users] Security Against brute force attack

2009-11-18 Thread Ioan Indreias
Hello Xavier,

Unfortunately we are not aware of any Asterisk configuration which will
protect against a brute force attack on SIP.

We use BFD - http://www.rfxn.com/projects/brute-force-detection/ .

We have found first details here: http://engineertim.com/?cat=15 and we are
currently maintaining 4 rules (SIP and IAX) . All of them could be
downloaded from here:
http://www.modulo.ro/Modulo/downloads/tools/tenora.bfd.tar.gz

We have tried to document the installation of BFD on an Asterisk server
here:
http://www.modulo.ro/Modulo/ro/Articole/Securitate_pentru_servere_Asterisk.html
(in Romanian)


HTH,
Ioan (Nini) Indreias
www.modulo.ro


On Mon, Nov 16, 2009 at 7:24 PM, TDF  wrote:

> fail2ban
>
>
> http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk

Re: [asterisk-users] Security Against brute force attack

2009-11-18 Thread Rasmus Männa
Hi All,

I must say that there are many ways to detect password attack cause this
information actually goes into logs and it's possible to analyze them.
Couple of hours thinking + day or 2 creating gives a really nice result.
Bad thing is that by the time someone will start guessing password with
dictionary attack or brute force (it doesn't matter) he already knows
what is the account name/ID.

All this leads me to question which is (from my point of view) a bit
more important. Is there any way to detect SIP/IAX account guessing
without actually dumping UDP flow? I tried some _hacking_ tools and
these create only some logs in debug mode. Using debug is not always an
option cause in some cases it creates ~5MB log in a minute - such flow
is quite impossible to handle.

Does anyone have any experience catching account guessing attempts
automatically? Any kind of ideas would be wonderful :)

thx a lot,
--
razu

On 11/18/2009 10:01 PM, Ioan Indreias wrote:
> Hello Xavier,
>
> Unfortunately we are not aware of any Asterisk configuration which
> will protect against a brute force attack on SIP.
>
> We use BFD - http://www.rfxn.com/projects/brute-force-detection/ .
>
> We have found first details here: http://engineertim.com/?cat=15 and
> we are currently maintaining 4 rules (SIP and IAX) . All of them could
> be downloaded from
> here: http://www.modulo.ro/Modulo/downloads/tools/tenora.bfd.tar.gz
>
> We have tried to document the installation of BFD on an Asterisk
> server here:
> http://www.modulo.ro/Modulo/ro/Articole/Securitate_pentru_servere_Asterisk.html
> (in Romanian)
>
>
> HTH,
> Ioan (Nini) Indreias
> www.modulo.ro 
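
Added example, not part of any post in this thread: a log-based detector for the two cases discussed above, telling repeated wrong passwords against one account apart from one source probing many unknown accounts. It assumes the NOTICE lines chan_sip writes for failed REGISTER requests and covers only those; the sample lines are constructed, and the function names and thresholds are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed chan_sip NOTICE format for a failed REGISTER (newer builds append ":port").
LINE_RE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<frm>.*?)' failed for '(?P<ip>[\d.]+)(?::\d+)?'"
    r" - (?P<reason>.+)$")
USER_RE = re.compile(r"sip:([^@>]+)@")


def _line(clock, user, ip, reason):
    """Build one constructed log line (sample data, not a real capture)."""
    return (f"[Nov 18 {clock}] NOTICE[2578] chan_sip.c: Registration from "
            f"'\"{user}\" <sip:{user}@192.0.2.10>' failed for '{ip}' - {reason}")


SAMPLE_LOG = (
    # one source walking through extensions that do not exist
    [_line(f"22:41:{s:02d}", 100 + s, "203.0.113.7", "No matching peer found")
     for s in range(3)]
    # one source hammering a single existing account
    + [_line(f"22:41:{10 + s}", 200, "198.51.100.23", "Wrong password")
       for s in range(5)]
    # a single mistyped password from a phone
    + [_line("22:41:30", 201, "192.0.2.50", "Wrong password")]
)


def detect(lines, window=timedelta(seconds=60), max_fail=5, max_users=3, year=2009):
    """Return {source_ip: verdict} for sources exceeding a threshold in the window."""
    events = defaultdict(list)          # ip -> [(time, user, reason)]
    verdicts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # The log carries no year, so one is supplied to get a full timestamp.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        u = USER_RE.search(m["frm"])
        user = u.group(1) if u else m["frm"]
        recent = [e for e in events[m["ip"]] if when - e[0] <= window]
        recent.append((when, user, m["reason"]))
        events[m["ip"]] = recent        # keep only the sliding window
        unknown = {e[1] for e in recent if e[2] == "No matching peer found"}
        wrong = sum(1 for e in recent if e[2] == "Wrong password")
        if len(unknown) >= max_users:
            verdicts[m["ip"]] = "account enumeration"
        elif wrong >= max_fail:
            verdicts.setdefault(m["ip"], "password guessing")
    return verdicts
```

The returned addresses are what a tool such as fail2ban or BFD would hand to the firewall; the thresholds need tuning against the registration retry behaviour of the phones on the network.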

Re: [asterisk-users] Security Against brute force attack

2009-11-19 Thread Coco Richard
Hi,

There are several possibilities to do it:

REGISTER Username/Extensions Enumeration
INVITE Username/Extensions Enumeration
OPTIONS Username/Extensions Enumeration

for more information:
http://www.hackingvoip.com/presentations/sample_chapter3_hacking_voip.pdf

rich...


On Thu, Nov 19, 2009 at 12:46 AM, Rasmus Männa  wrote:

>  Hi All,
>
> I must say that there are many ways to detect password attack cause this
> information actually goes into logs and it's possible to analyze them.
> Couple of hours thinking + day or 2 creating gives a really nice result. Bad
> thing is that by the time someone will start guessing password with
> dictionary attack or brute force (it doesn't matter) he already knows what
> is the account name/ID.
>
> All this leads me to question which is (from my point of view) a bit more
> important. Is there any way to detect SIP/IAX account guessing without
> actually dumping UDP flow ? I tried some _hacking_ tools and these create
> only some logs in debug mode. Using debug is not always an option cause in
> some cases it creates ~5MB log in a minute - such flow is quite impossible
> to handle.
>
> Does anyone have any experience catching account guessing attempts
> automatically ? Any kind of ideas would be wonderful :)
>
> thx a lot,
> --
> razu