On Tue, 2010-04-13 at 15:49 +0200, Philipp von Klitzing wrote:
> Hi!
>
> > Any additional security within * is fine, but if someone is simply
> > drowning your bandwidth, action must be taken at a lower level.
> > Otherwise you end up re-inventing the wheel for D.o.s. attacks for voip,
> > mail, ssh, ldap, http, rsync, (or any other service you might be running)
>
> However, I *still* think Asterisk should provide a "delayreject" option
> in sip.conf to greatly slow down answering request avalanches. That will
> help to address the bandwidth issue if the attacker is configured to wait
> for a response before starting the next request.
>
> Apart from that here are the most important messages: Use strong
> passwords in sip.conf, and use keys in iax.conf, and avoid usernames that
> can be guessed too easily (numbers from 100 to 9999 and first names).
>
Agreed, best would be to only use ssl-certificates for authentication,
but not all parts involved support that, (to put it mildly...)

hw
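
The username and password advice quoted above, as an added example that is not part of the original thread: a small Python audit that flags sip.conf peers named with a number from 100 to 9999 or a first name, and peers with short or missing secrets. The sample config, the first-name list and the 12-character threshold are assumptions made for illustration.

```python
import re

# Constructed sample sip.conf for illustration; not from the thread.
SAMPLE_SIP_CONF = """\
[general]
bindport=5060
[101]
type=friend
secret=101
[philipp]
type=friend
secret=welcome
[ph-7f3a9c21]
type=friend
secret=Xq7!vR2#mZ9tLw4$Kp8s
"""

FIRST_NAMES = {"philipp", "john", "anna", "peter", "maria"}  # assumed sample list
MIN_SECRET_LEN = 12  # assumed policy threshold

def parse_peers(text):
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = peers.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # also accepts "key => value"
            current[key.strip().lower()] = value.lstrip(">").strip()
    return peers

def audit_sip_conf(text):
    """Return {peer: [findings]} for guessable usernames and weak secrets."""
    report = {}
    for peer, opts in parse_peers(text).items():
        if "type" not in opts:  # skips [general] and other non-peer sections
            continue
        findings = []
        if re.fullmatch(r"[1-9][0-9]{2,3}", peer):
            findings.append("numeric username (100-9999)")
        if peer.lower() in FIRST_NAMES:
            findings.append("first-name username")
        secret = opts.get("secret", "")
        if len(secret) < MIN_SECRET_LEN or secret.lower() == peer.lower():
            findings.append("weak or missing secret")
        if findings:
            report[peer] = findings
    return report
```

Running `audit_sip_conf` over each sip.conf before a reload gives a quick list of the accounts a guessing run would reach first.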
