Ishfaq Malik wrote:
> Hi
> Ever since we upgraded our Asterisk servers to 1.8.23.1, we no longer
> get the 'no matching peer' error when we get a dictionary SIP attack.
> Now the logs always show a 'wrong password' when there actually isn't a
> matching peer.
> We even have alwaysauthreject = yes in our sip.conf.
> Has anyone else noticed this phenomenon?

This is on purpose. To fix some exposure issues the code was changed to
have an internal peer (albeit one that can never successfully be
authenticated against) that gets used if no real peer is found. This
reduces the chance (by a lot) of the code exposing information in some
off-nominal cases.
--
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: www.digium.com & www.asterisk.org
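
An added example following from the exchange above (not part of either message, and not Asterisk code): since the failure reason no longer separates unknown peers from bad passwords, this flags dictionary scans by how many distinct usernames each source attempts. The log line shape, the sample lines, and the `min_users` threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed shape of chan_sip's failed-registration NOTICE line (not quoted on the page).
FAILED = re.compile(
    r"Registration from '(?P<from>[^']*)' failed for '(?P<src>[^']+)' - (?P<reason>.+)$"
)
USER = re.compile(r"sip:([^@>;]+)@")


def source_ip(src):
    """Strip the port from an IPv4 'addr:port'; leave anything else untouched."""
    host, sep, port = src.rpartition(":")
    return host if sep and port.isdigit() and "." in host else src


def scan(lines, min_users=3):
    """Map source IP -> sorted usernames, for sources that failed registration
    with at least min_users distinct usernames. The reason text is ignored on
    purpose: after the change described above it is 'Wrong password' either way."""
    users = defaultdict(set)
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        u = USER.search(m.group("from"))
        if u:
            users[source_ip(m.group("src"))].add(u.group(1))
    return {ip: sorted(n) for ip, n in users.items() if len(n) >= min_users}


def _line(user, src, reason):
    # Constructed sample line; addresses are documentation ranges.
    return (f"[2013-09-10 12:00:01] NOTICE[2578] chan_sip.c: Registration from "
            f"'\"{user}\" <sip:{user}@192.0.2.10>' failed for '{src}' - {reason}")


SAMPLE = [
    _line("100", "198.51.100.7:5060", "Wrong password"),
    _line("101", "198.51.100.7:5060", "Wrong password"),
    _line("102", "198.51.100.7:5061", "Wrong password"),
    _line("103", "198.51.100.7:5060", "No matching peer found"),  # older-style reason
    _line("2001", "203.0.113.9:5060", "Wrong password"),  # one user retrying
    _line("2001", "203.0.113.9:5060", "Wrong password"),
]

if __name__ == "__main__":
    for ip, names in scan(SAMPLE).items():
        print(ip, "tried", len(names), "usernames:", ", ".join(names))
```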