Hey hey!

> > My first step will be to strengthen the passwords in use, and for the
> > hardphones to restrict by IP address, but that still leaves the
> > softphone quite widely open.
>
> Asterisk doesn't differentiate between a hard phone and a soft phone.

Although: One could think about enhancing Asterisk security by allowing
only a (number of) specific SIP user agent header (vendor, model) for a
SIP account - next to a strong password, of course. Or implement
something more dynamic like: Read and lock the current (or first) user
agent string, and then ping the admin if that changes and request an
unlock/re-auth.

> > Does Asterisk 1.6 have anything in it that can automatically block out
> > an attacking IP, say if it receives several 20 or so failed attempts
> > from that IP in x minutes?

It would still be important to have a sip.conf parameter in 1.4 that is
similar to "delayreject" in iax.conf! One of my systems has been scanned
3 times in the past days, and it takes just a little over a minute for a
10.000 account registration scan.

Philipp

--
asterisk-users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users
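
The check asked about in the quoted question (flag an IP after 20 or so failed attempts in x minutes), as an added example that is not part of the original thread and not Asterisk's own code. It assumes chan_sip "Registration ... failed for" NOTICE lines with a `%F %T` dateformat in logger.conf; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log line shape for a rejected REGISTER (chan_sip NOTICE message).
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from '.*' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - "
    r"(?:Wrong password|No matching peer found)"
)

def find_scanners(lines, max_failures=20, window=timedelta(minutes=5)):
    """Return {ip: time the threshold was crossed} using a per-IP sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not a failed registration
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in flagged:
            flagged[m["ip"]] = ts # candidate for a firewall block / admin alert
    return flagged

def sample_log():
    """Constructed sample: one fast account scan, one user mistyping a password."""
    base = datetime(2009, 6, 1, 3, 0, 0)
    fmt = ("[{}] NOTICE[2811] chan_sip.c: Registration from "
           "'\"{}\" <sip:{}@pbx.example.net>' failed for '{}' - {}")
    lines = [fmt.format(base + timedelta(seconds=i), 1000 + i, 1000 + i,
                        "203.0.113.7", "No matching peer found") for i in range(25)]
    lines += [fmt.format(base + timedelta(minutes=10 * i), 201, 201,
                         "198.51.100.20", "Wrong password") for i in range(3)]
    lines.append("[2009-06-01 03:00:05] VERBOSE[2811] logger.c: unrelated line")
    return lines

if __name__ == "__main__":
    for ip, when in find_scanners(sample_log()).items():
        print(f"{ip} crossed the failure threshold at {when}")
```

The returned addresses would be fed to whatever does the blocking (a firewall rule or an alert to the admin); the script itself only detects.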
