> I'm still trying to figure that out. Our SIP usernames are seven digit > phone numbers, so not really difficult to guess, but the passwords are 7 > char alpha-numeric strings, auto generated. We don't at present restrict > people to their addresses, as some are dynamic.
If the extension in question is one that is normally accessed via a SIP soft-phone of some sort, you should check the PC(s) on which this softphone is run for any sort of malware infection. There have been more than a few malware packages (viruses or trojans) which contain payloads that search the compromised system for various forms of authorization credentials. It's possible that this extension's password wasn't cracked by brute force, but was stolen from the soft-phone configuration file on a user's PC. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
