I understood that option worked the other way around, so the attacker thinks the peer name is invalid even when they hit a real one.

On Wed, Jan 19, 2011 at 2:23 AM, <[email protected]> wrote:
> Hi List,
>
> I've been receiving several sip registration probes in the last month, and
> as this server is a testing site (no external lines, no nothing) I have no
> fail2ban and still not planning to install. Whenever I have nagios telling
> me that there is another 'guest', I go and edit iptables manually and that's
> it.
>
> Recently I discovered that these attacks start with some kind of dictionary,
> and try to guess valid peer names to use one by one. Apparently after
> quarter million tries, they do find a legitimate sip peer name and from that
> point they stick to that peer name and the attack continues to guess only
> passwords. Of course, they cannot guess passwords like p(F9j43/Qgrhjv*&^3
> so I'm still not worried, but this made me believe that asterisk responds
> differently when probing a valid sip peer name.
>
> So I was wandering through the sip.conf and found 'alwaysauthreject' which
> was set to default (commented out). I now set its value to yes (which I
> thought was the default setting).
>
> Does this setting make the attacker believe that the first try of sip peer
> name was valid, but only the password was incorrect? So in this case should
> they stick to the first name tried whatever it was?
>
> thanks
> adam
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
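
The two-phase pattern described in the quoted message (many peer-name guesses from one source, then password guesses against a single name) can be picked out of the Asterisk log. The following is an added example, not part of the original thread: the log lines are constructed, their format (chan_sip "Registration from ... failed for ..." notices with the reasons "No matching peer found" and "Wrong password") is an assumption about the installed version, and the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation IP ranges); the format is assumed.
SAMPLE_LOG = """\
[Jan 19 02:10:01] NOTICE[2211] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[Jan 19 02:10:01] NOTICE[2211] chan_sip.c: Registration from '"101" <sip:101@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[Jan 19 02:10:02] NOTICE[2211] chan_sip.c: Registration from '"admin" <sip:admin@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[Jan 19 02:10:02] NOTICE[2211] chan_sip.c: Registration from '"2000" <sip:2000@203.0.113.5>' failed for '198.51.100.7' - Wrong password
[Jan 19 02:10:03] NOTICE[2211] chan_sip.c: Registration from '"2000" <sip:2000@203.0.113.5>' failed for '198.51.100.7' - Wrong password
[Jan 19 02:11:40] NOTICE[2211] chan_sip.c: Registration from '<sip:3001@203.0.113.5>' failed for '192.0.2.44:5060' - Wrong password
[Jan 19 02:12:05] NOTICE[2211] chan_sip.c: Registration from '"a" <sip:a@203.0.113.5>' failed for '198.51.100.99' - No matching peer found
[Jan 19 02:12:05] NOTICE[2211] chan_sip.c: Registration from '"b" <sip:b@203.0.113.5>' failed for '198.51.100.99' - No matching peer found
[Jan 19 02:12:06] NOTICE[2211] chan_sip.c: Registration from '"c" <sip:c@203.0.113.5>' failed for '198.51.100.99' - No matching peer found
"""

LINE_RE = re.compile(
    r"Registration from '(?:\"[^\"]*\"\s*)?<sip:(?P<user>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>[^':]+)(?::\d+)?' - (?P<reason>.+)$"
)

def summarize(log_text):
    """Per source IP: names that matched no peer, and password failures per name."""
    stats = defaultdict(lambda: {"unknown": set(), "wrong_password": defaultdict(int)})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        entry = stats[m["ip"]]
        if m["reason"].startswith("No matching peer found"):
            entry["unknown"].add(m["user"])
        elif m["reason"].startswith("Wrong password"):
            entry["wrong_password"][m["user"]] += 1
    return stats

def classify(stats, min_names=3, min_guesses=2):
    """Label each source IP by the phase its probing has reached."""
    report = {}
    for ip, entry in stats.items():
        locked = sorted(u for u, n in entry["wrong_password"].items() if n >= min_guesses)
        if locked:  # repeated password failures against an existing peer name
            report[ip] = ("password-guessing", locked)
        elif len(entry["unknown"]) >= min_names:  # still cycling through names
            report[ip] = ("enumerating", [])
    return report
```

Peer names reported under "password-guessing" are the ones a prober has settled on, so those are the accounts whose secrets deserve a check first.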
