It's an open source project. Pay a programmer or make the modification yourself and submit a patch.
On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler <[email protected] > wrote: > I looking through my logs, I found that people where probing my SIP > accounts looking for passwords. > Asterisk was helping them out by processing hundreds of requests per > minute. > I did a bit of Googling and this seems to be a frequent knock against > Asterisk's security. > > It would seem pretty simple to add a configuration setting to sip.conf to > delay the response to a bad account or password. > > There is a half measure to confuse the probe by sending the same error > return for either error. > It appears that many people have complained that this should be the > default setting only changed if your are debugging a problem. > > There is no reason for a working system to ever have bad passwords so this > is clearly an attack in almost every case. > > A simple delay would solve the problem for most people who use reasonable > passwords. > > I had to install fail2ban which is a PITA but thanks to someone's clear > recipe, I was able to get it working. > > I hope that this can be worked into a release soon. > > Ron > > -- > Ron Wheeler > President > Artifact Software Inc > email: [email protected] > skype: ronaldmwheeler > phone: 866-970-2435, ext 102 > > > -- > ______________________________**______________________________**_________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > > http://lists.digium.com/**mailman/listinfo/asterisk-**users<http://lists.digium.com/mailman/listinfo/asterisk-users> > -- -Chris Harrington ACSDi Office: 763.559.5800 Mobile Phone: 612.326.4248
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
