Simple answer to all this is to install http://lync.microsoft.com/ ... good luck ;)

--
Thanks, Phil
----- Original Message -----
> Kevin P. Fleming wrote:
> >
> > 'alwaysauthreject' is not incompliant with any RFCs; the RFCs define
> > response codes that *can* be used to indicate (for example) that the
> > Request URI does not represent a target known to the receiver (404 Not
> > Found), but does not mandate that the server respond with that code in
> > that situation.
> >
>
> Kevin,
>
> Thanks for the correction and I apologize if I'm propagating a
> misconception. Am I misunderstanding this Asterisk Security Advisory?
>
> http://lists.digium.com/pipermail/asterisk-announce/2009-April/000177.html
>
>     In 2006, the Asterisk maintainers made it more difficult
>     to scan for valid SIP usernames by implementing an
>     option called "alwaysauthreject"...
>
>     ...What we have done is to carefully emulate exactly the
>     same responses throughout possible dialogs, which should
>     prevent attackers from gleaning this information. All
>     invalid users, if this option is turned on, will receive
>     the same response throughout the dialog, as if a
>     username was valid, but the password was incorrect.
>
>     It is important to note several things. First, this
>     vulnerability is derived directly from the SIP
>     specification, and it is a technical violation of RFC
>     3261 (and subsequent RFCs, as of this date), for us to
>     return these responses...
>
> I am asking out of genuine curiosity, because I trust your assessment
> more than my interpretation of the advisory.
>
> Thank you,
>
> Matthew Roth
> InterMedia Marketing Solutions
> Software Engineer and Systems Developer
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
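
The property the quoted advisory describes (an unknown user gets the same response as a known user with a wrong password) can be checked on captured responses. The following is an added example, not part of the thread or of Asterisk: the `response` helper, the host `pbx.example`, the extensions and the nonces are constructed sample data, and the check masks only the fields that legitimately differ per request.

```python
import re

def response(status, user, nonce=None):
    """Build a constructed SIP response to a REGISTER for `user` (sample data)."""
    lines = [f"SIP/2.0 {status}",
             f"From: <sip:{user}@pbx.example>;tag=c{user}",
             f"To: <sip:{user}@pbx.example>;tag=as{user}",
             f"Call-ID: {user}-call@192.0.2.10",
             "CSeq: 1 REGISTER"]
    if nonce:
        lines.append('WWW-Authenticate: Digest algorithm=MD5, '
                     f'realm="asterisk", nonce="{nonce}"')
    return "\r\n".join(lines + ["Content-Length: 0", "", ""])

# Values that differ between any two requests and must not count as a leak.
VOLATILE = [(r'nonce="[^"]*"', 'nonce="*"'),
            (r"tag=[^;>\s]+", "tag=*"),
            (r"sip:[^@>]+@", "sip:*@"),
            (r"(?i)^call-id:.*", "call-id: *")]

def fingerprint(raw):
    """Status line plus the sorted header lines with volatile values masked."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    masked = []
    for line in head[1:]:
        for pattern, repl in VOLATILE:
            line = re.sub(pattern, repl, line)
        masked.append(line.strip().lower())
    return head[0], tuple(sorted(masked))

def leaks_user_existence(known_user_resp, unknown_user_resp):
    """True if the two responses are distinguishable after masking."""
    return fingerprint(known_user_resp) != fingerprint(unknown_user_resp)

if __name__ == "__main__":
    known = response("401 Unauthorized", "100", "aa11")
    # Distinct status codes (the 404 case Kevin mentions): distinguishable.
    print(leaks_user_existence(known, response("404 Not Found", "9999")))
    # Identical challenge for both users: not distinguishable.
    print(leaks_user_existence(known, response("401 Unauthorized", "9999", "bb22")))
    # Same status but no challenge header: still distinguishable.
    print(leaks_user_existence(known, response("401 Unauthorized", "9999")))
```
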