On 03/13/2012 03:53 PM, Kevin P. Fleming wrote:
On 03/13/2012 08:11 AM, A J Stiles wrote:
On Tuesday 13 March 2012, Randall wrote:
hi all,
have asterisk set up in combination with fail2ban.
all works as expected only there is 1 extension that is trying to
register with a wrong password causing fail2ban to block the IP
address,
normally that is ok behaviour but i have several extensions on that IP
address.
..... snip .....
anyway to see which "wrong password" is being used?
tcpflow.
(And don't underestimate the power of simply disconnecting things
until it
works ..... last thing you disconnected was the faulty one.)
This will not help. Assuming we are talking about a SIP REGISTER here,
the password is *not* sent in the request. Asterisk issues a challenge
including a randomly generated value (called a 'nonce'), then the UA
attempting to register responds to that challenge with an MD5 digest
of a string composed of various elements, including both the nonce and
the shared secret ('password'). Asterisk computes the same digest
internally, and if they match, then the assumption is that both ends
know the shared secret.
By their very nature, digest functions are not reversible; given the
MD5 digest present in an SIP request containing an Authorization
header, there is no way to figure out what shared secret was used in
the computation of that digest. Since you know the nonce and the other
portions of the calculation, you could attempt to try various 'likely'
passwords to see if any of them result in the same digest value...
this is called the brute-force method, and it could take a *very* long
time to arrive at a shared secret that would allow the endpoint to
register.
confirmed,
doesn't work
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
