Dave Platt wrote:
>> SIP was written in such a way that the hashes it sends for passwords
>> could, with only a trivial rewrite of the server code, be SHA1 instead
>> of MD5 -- which would increase security to the level that, currently, it
>> would be far more trouble than it's worth to even bother
> SIP was written in such a way that the hashes it sends for passwords
> could, with only a trivial rewrite of the server code, be SHA1 instead
> of MD5 -- which would increase security to the level that, currently, it
> would be far more trouble than it's worth to even bother to attempt to
> crack
On 27/03/2009 3:32 a.m., randulo wrote:
> On Thu, Mar 26, 2009 at 2:38 PM, SIP wrote:
>> And so, in answer to your question, I don't think there ARE necessarily
>> steps that can be taken right now to ensure that there's a rational
>> approach to the resolution of such an issue of fraud. Barring s
http://www.google.com/search?q=asterisk+brute+force+prevention
http://etel.wiki.oreilly.com/wiki/index.php/Asterisk_Brute_Force_Prevention
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP
"Enough research will tend to support your
conclus
randulo wrote:
> On Thu, Mar 26, 2009 at 4:19 PM, SIP wrote:
>
>> The first approach is the current approach: build software with little
>> thought to how it will be secured, opting for all the work of securing
>>
>
> What about SIP itself? Does it provide enough crypto to be solid? Or
>
Gordon wrote:
> There are other more advanced things you can do with iptables which I've
> been looking at - but the essence is to count/time new connections to a
> particular service from each IP address and if more connections per unit
> of time happen, then apply a temporary block for a bigger pe
On Thu, Mar 26, 2009 at 4:19 PM, SIP wrote:
> The first approach is the current approach: build software with little
> thought to how it will be secured, opting for all the work of securing
What about SIP itself? Does it provide enough crypto to be solid? Or
is that handled only by the layer ab
randulo wrote:
> On Thu, Mar 26, 2009 at 2:38 PM, SIP wrote:
>
>> And so, in answer to your question, I don't think there ARE necessarily
>> steps that can be taken right now to ensure that there's a rational
>> approach to the resolution of such an issue of fraud. Barring some sort
>> of major
tel Support
-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of randulo
Sent: March-26-09 9:03 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Is there a public blac
On Thu, Mar 26, 2009 at 2:38 PM, SIP wrote:
> And so, in answer to your question, I don't think there ARE necessarily
> steps that can be taken right now to ensure that there's a rational
> approach to the resolution of such an issue of fraud. Barring some sort
> of major legal precedent, it's goi
randulo wrote:
> On Thu, Mar 26, 2009 at 1:32 PM, SIP wrote:
>
>> As an end-point ITSP, I can assure you, it would be us who's assessed
>> the requisite charges. If someone uses a fraudulent card, we're required
>> to pay. If someone uses a three letter password on his account, and it's
>> hack
On Thu, Mar 26, 2009 at 1:32 PM, SIP wrote:
> As an end-point ITSP, I can assure you, it would be us who's assessed
> the requisite charges. If someone uses a fraudulent card, we're required
> to pay. If someone uses a three letter password on his account, and it's
> hacked into and used to rack u
randulo wrote:
> This brings up a side issue. Banks on the Internet have had to provide
> a sort of insurance that allows the customer to be protected if
> someone hacks in to his or her account. ITSP will need to think
> carefully about having a similar policy that protects people from an
> attack
On Wed, 25 Mar 2009, Zeeshan Zakaria wrote:
> Thanks Gordon for your suggestions and advice. I changed the passwords the same
> day, and was monitoring my system very closely. I also use a non standard
> port for SSH, and also plan to move my SIP port to a non standard one too in
> future. At this ti
This brings up a side issue. Banks on the Internet have had to provide
a sort of insurance that allows the customer to be protected if
someone hacks in to his or her account. ITSP will need to think
carefully about having a similar policy that protects people from an
attack to the provider, no?
Wh
Thanks Gordon for your suggestions and advice. I changed the passwords the same
day, and was monitoring my system very closely. I also use a non standard
port for SSH, and also plan to move my SIP port to a non standard one too in
future. At this time things are ok, but I know that this problem is gro
Wilton Helm wrote:
> If life were only that simple. A lot of hacking passes through
> unsuspecting intermediary computers, precisely to hide their tracks, not
> to mention IP spoofing. People have offered for sale access to 10,000
> computers to use for propagating mischief. That's a lot of
If life were only that simple. A lot of hacking passes through unsuspecting
intermediary computers, precisely to hide their tracks, not to mention IP
spoofing. People have offered for sale access to 10,000 computers to use for
propagating mischief. That's a lot of IPs to block!
I got hacked