You might want to share the know-how over here if it's not a chan_sip patch.

Mitul

On Nov 28, 2012 12:28 AM, "Ron Wheeler" <[email protected]> wrote:

> On 27/11/2012 12:58 PM, Christopher Harrington wrote:
>
> It's an open source project. Pay a programmer or make the modification
> yourself and submit a patch.
>
> You don't really want me coding!
> I have solved the problem for me.
>
> Just add it to the queue of enhancements for the next time someone is
> working on SIP.
>
> Ron
>
> On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler <[email protected]> wrote:
>
>> In looking through my logs, I found that people were probing my SIP
>> accounts looking for passwords.
>> Asterisk was helping them out by processing hundreds of requests per
>> minute.
>> I did a bit of Googling and this seems to be a frequent knock against
>> Asterisk's security.
>>
>> It would seem pretty simple to add a configuration setting to sip.conf to
>> delay the response to a bad account or password.
>>
>> There is a half measure to confuse the probe by sending the same error
>> return for either error.
>> It appears that many people have complained that this should be the
>> default setting only changed if you are debugging a problem.
>>
>> There is no reason for a working system to ever have bad passwords so
>> this is clearly an attack in almost every case.
>>
>> A simple delay would solve the problem for most people who use reasonable
>> passwords.
>>
>> I had to install fail2ban which is a PITA but thanks to someone's clear
>> recipe, I was able to get it working.
>>
>> I hope that this can be worked into a release soon.
>>
>> Ron
>>
>> --
>> Ron Wheeler
>> President
>> Artifact Software Inc
>> email: [email protected]
>> skype: ronaldmwheeler
>> phone: 866-970-2435, ext 102
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>> http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>
> --
> -Chris Harrington
> ACSDi Office: 763.559.5800
> Mobile Phone: 612.326.4248
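The kind of check fail2ban performs for the probing described in the quoted message, as an added example that is not part of the thread or of Asterisk: it counts failed SIP registrations per source address in a sliding window and flags sources that cross a threshold. The log lines are constructed, and their layout (chan_sip's "Registration from ... failed for ..." notice) and the function name `find_probers` are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation-range addresses); the layout is
# assumed to follow chan_sip's failed-registration NOTICE messages.
SAMPLE_LOG = """\
[2012-11-24 16:40:01] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.7' - Wrong password
[2012-11-24 16:40:03] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[2012-11-24 16:40:05] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@203.0.113.5>' failed for '192.0.2.10' - Wrong password
[2012-11-24 16:40:05] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[2012-11-24 16:40:07] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.7' - Wrong password
[2012-11-24 16:40:09] NOTICE[2345] chan_sip.c: Registration from '"100" <sip:100@203.0.113.5>' failed for '198.51.100.7:5060' - Wrong password
[2012-11-24 16:55:30] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@203.0.113.5>' failed for '192.0.2.10' - Wrong password
[2012-11-24 16:55:31] VERBOSE[2345] pbx.c: unrelated line that must be ignored
"""

# Captures timestamp, IPv4 source (an optional :port is dropped) and reason.
FAILED = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\] chan_sip\.c: Registration from "
    r"'.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)

def find_probers(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return {ip: time the threshold was first reached} for sources with at
    least max_failures failed registrations inside one sliding window.
    Bad-account and bad-password failures are counted together."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:     # expire failures older than the window
            q.popleft()
        if len(q) >= max_failures and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_probers(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the failure threshold at {when}")
```

The second source in the sample fails twice, fifteen minutes apart, and stays below the threshold, which is the distinction between a mistyped password and a probe.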
