Hi, there are several possibilities to do it:

REGISTER Username/Extensions Enumeration
INVITE Username/Extensions Enumeration
OPTION Username/Extensions Enumeration

for more information: http://www.hackingvoip.com/presentations/sample_chapter3_hacking_voip.pdf

rich...

On Thu, Nov 19, 2009 at 12:46 AM, Rasmus Männa <[email protected]> wrote:

> Hi All,
>
> I must say that there are many ways to detect password attack cause this
> information actually goes into logs and it's possible to analyze them.
> Couple of hours thinking + day or 2 creating gives a really nice result. Bad
> thing is that by the time someone will start guessing password with
> dictionary attack or brute force (it doesn't matter) he already knows what
> is the account name/ID.
>
> All this leads me to question which is (from my point of view) a bit more
> important. Is there any way to detect SIP/IAX account guessing without
> actually dumping UDP flow? I tried some _hacking_ tools and these create
> only some logs in debug mode. Using debug is not always an option cause in
> some cases it creates ~5MB log in a minute - such flow is quite impossible
> to handle.
>
> Does anyone have any experience catching account guessing attempts
> automatically? Any kind of ideas would be wonderful :)
>
> thx a lot,
> --
> razu
>
> On 11/18/2009 10:01 PM, Ioan Indreias wrote:
>
> Hello Xavier,
>
> Unfortunately we are not aware of any Asterisk configuration which will
> protect against a brute force attack on SIP.
>
> We use BFD - http://www.rfxn.com/projects/brute-force-detection/ .
>
> We have found first details here: http://engineertim.com/?cat=15 and
> we are currently maintaining 4 rules (SIP and IAX). All of them could be
> downloaded from here:
> http://www.modulo.ro/Modulo/downloads/tools/tenora.bfd.tar.gz
>
> We have tried to document the installation of BFD on an Asterisk server
> here:
> http://www.modulo.ro/Modulo/ro/Articole/Securitate_pentru_servere_Asterisk.html
> (in Romanian)
>
> HTH,
> Ioan (Nini) Indreias
> www.modulo.ro
>
> On Mon, Nov 16, 2009 at 7:24 PM, TDF <[email protected]> wrote:
>
>> fail2ban
>>
>> http://www.voip-info.org/wiki/view/Fail2Ban+%28with+iptables%29+And+Asterisk
>>
>> 2009/11/16 Xavier Mesquida <[email protected]>
>>
>>> Has Asterisk any protection against brute force attack for SIP
>>> authentication?
>>> Something like a maximum login attempt limit
>>> Thanks
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
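
Added example (not part of any message in this thread): a log-only check for the distinction razu raises between account guessing and password guessing, without capturing UDP traffic. It assumes failed REGISTERs are logged at NOTICE level in the chan_sip "Registration from ... failed for ..." form; the regex, thresholds and sample lines are constructed for illustration, and a production rule would also bound the counts by a time window.

```python
import re
from collections import defaultdict

# Assumed chan_sip NOTICE format for a rejected REGISTER (not from the thread).
FAILED_REG = re.compile(
    r"Registration from '(?:\"[^\"]*\"\s*)?<sip:(?P<user>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>[^':]+)(?::\d+)?' - (?P<reason>.+)$"
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
[2009-11-19 00:40:01] NOTICE[2578] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[2009-11-19 00:40:01] NOTICE[2578] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[2009-11-19 00:40:02] NOTICE[2578] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '198.51.100.7' - No matching peer found
[2009-11-19 00:40:02] NOTICE[2578] chan_sip.c: Registration from '"103" <sip:103@192.0.2.10>' failed for '198.51.100.7' - Wrong password
[2009-11-19 00:41:10] NOTICE[2578] chan_sip.c: Registration from '<sip:2001@192.0.2.10>' failed for '203.0.113.9' - Wrong password
[2009-11-19 00:41:11] NOTICE[2578] chan_sip.c: Registration from '<sip:2001@192.0.2.10>' failed for '203.0.113.9' - Wrong password
[2009-11-19 00:41:12] NOTICE[2578] chan_sip.c: Registration from '<sip:2001@192.0.2.10>' failed for '203.0.113.9' - Wrong password
[2009-11-19 00:42:00] NOTICE[2578] chan_sip.c: Registration from '"2002" <sip:2002@192.0.2.10>' failed for '192.0.2.55' - Wrong password
[2009-11-19 00:42:05] VERBOSE[2578] logger.c: -- Registered SIP '2003' at 192.0.2.60 port 5060
"""

def classify(lines, min_users=3, min_tries=3):
    """Return {source_ip: 'enumeration' | 'password-guessing'}.

    min_users / min_tries are illustrative thresholds, not recommended values.
    """
    users = defaultdict(set)   # ip -> distinct account names it tried
    tries = defaultdict(int)   # (ip, user) -> wrong-password failures
    for line in lines:
        m = FAILED_REG.search(line)
        if not m:
            continue           # unrelated log line
        ip, user, reason = m["ip"], m["user"], m["reason"].strip()
        users[ip].add(user)
        if reason == "Wrong password":
            tries[(ip, user)] += 1
    verdict = {}
    # Many different account names from one source: account guessing.
    for ip, names in users.items():
        if len(names) >= min_users:
            verdict[ip] = "enumeration"
    # Repeated failures against one known account: password guessing.
    for (ip, _user), count in tries.items():
        if count >= min_tries:
            verdict.setdefault(ip, "password-guessing")
    return verdict
```

The per-source verdicts can feed the same blocking step that fail2ban or BFD already perform for password failures.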
