Re: [asterisk-users] SIP password probe
It's an open source project. Pay a programmer or make the modification yourself and submit a patch. On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler rwhee...@artifact-software.com wrote: I looking through my logs, I found that people where probing my SIP accounts looking for passwords. Asterisk was helping them out by processing hundreds of requests per minute. I did a bit of Googling and this seems to be a frequent knock against Asterisk's security. It would seem pretty simple to add a configuration setting to sip.conf to delay the response to a bad account or password. There is a half measure to confuse the probe by sending the same error return for either error. It appears that many people have complained that this should be the default setting only changed if your are debugging a problem. There is no reason for a working system to ever have bad passwords so this is clearly an attack in almost every case. A simple delay would solve the problem for most people who use reasonable passwords. I had to install fail2ban which is a PITA but thanks to someone's clear recipe, I was able to get it working. I hope that this can be worked into a release soon. Ron -- Ron Wheeler President Artifact Software Inc email: rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -- __**__**_ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/**mailman/listinfo/asterisk-**usershttp://lists.digium.com/mailman/listinfo/asterisk-users -- -Chris Harrington ACSDi Office: 763.559.5800 Mobile Phone: 612.326.4248 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SIP password probe
On 27/11/2012 12:58 PM, Christopher Harrington wrote: It's an open source project. Pay a programmer or make the modification yourself and submit a patch. You don't really want me coding! I have solved the problem for me. Just add it to the queue of enhancements for the next time someone is working on SIP. Ron On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler rwhee...@artifact-software.com mailto:rwhee...@artifact-software.com wrote: I looking through my logs, I found that people where probing my SIP accounts looking for passwords. Asterisk was helping them out by processing hundreds of requests per minute. I did a bit of Googling and this seems to be a frequent knock against Asterisk's security. It would seem pretty simple to add a configuration setting to sip.conf to delay the response to a bad account or password. There is a half measure to confuse the probe by sending the same error return for either error. It appears that many people have complained that this should be the default setting only changed if your are debugging a problem. There is no reason for a working system to ever have bad passwords so this is clearly an attack in almost every case. A simple delay would solve the problem for most people who use reasonable passwords. I had to install fail2ban which is a PITA but thanks to someone's clear recipe, I was able to get it working. I hope that this can be worked into a release soon. Ron -- Ron Wheeler President Artifact Software Inc email: rwhee...@artifact-software.com mailto:rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 tel:866-970-2435%2C%20ext%20102 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- -Chris Harrington ACSDi Office: 763.559.5800 Mobile Phone: 612.326.4248 -- Ron Wheeler President Artifact Software Inc email: rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SIP password probe
You might want to share the know how over here if its not a chan_sip patch. Mitul On Nov 28, 2012 12:28 AM, Ron Wheeler rwhee...@artifact-software.com wrote: On 27/11/2012 12:58 PM, Christopher Harrington wrote: It's an open source project. Pay a programmer or make the modification yourself and submit a patch. You don't really want me coding! I have solved the problem for me. Just add it to the queue of enhancements for the next time someone is working on SIP. Ron On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler rwhee...@artifact-software.com wrote: I looking through my logs, I found that people where probing my SIP accounts looking for passwords. Asterisk was helping them out by processing hundreds of requests per minute. I did a bit of Googling and this seems to be a frequent knock against Asterisk's security. It would seem pretty simple to add a configuration setting to sip.conf to delay the response to a bad account or password. There is a half measure to confuse the probe by sending the same error return for either error. It appears that many people have complained that this should be the default setting only changed if your are debugging a problem. There is no reason for a working system to ever have bad passwords so this is clearly an attack in almost every case. A simple delay would solve the problem for most people who use reasonable passwords. I had to install fail2ban which is a PITA but thanks to someone's clear recipe, I was able to get it working. I hope that this can be worked into a release soon. Ron -- Ron Wheeler President Artifact Software Inc email: rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- -Chris Harrington ACSDi Office: 763.559.5800 Mobile Phone: 612.326.4248 -- Ron Wheeler President Artifact Software Inc email: rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SIP password probe
I had to install fail2ban and configure it to watch Asterisk. Ron On 27/11/2012 2:11 PM, Mitul Limbani wrote: You might want to share the know how over here if its not a chan_sip patch. Mitul On Nov 28, 2012 12:28 AM, Ron Wheeler rwhee...@artifact-software.com mailto:rwhee...@artifact-software.com wrote: On 27/11/2012 12:58 PM, Christopher Harrington wrote: It's an open source project. Pay a programmer or make the modification yourself and submit a patch. You don't really want me coding! I have solved the problem for me. Just add it to the queue of enhancements for the next time someone is working on SIP. Ron On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler rwhee...@artifact-software.com mailto:rwhee...@artifact-software.com wrote: I looking through my logs, I found that people where probing my SIP accounts looking for passwords. Asterisk was helping them out by processing hundreds of requests per minute. I did a bit of Googling and this seems to be a frequent knock against Asterisk's security. It would seem pretty simple to add a configuration setting to sip.conf to delay the response to a bad account or password. There is a half measure to confuse the probe by sending the same error return for either error. It appears that many people have complained that this should be the default setting only changed if your are debugging a problem. There is no reason for a working system to ever have bad passwords so this is clearly an attack in almost every case. A simple delay would solve the problem for most people who use reasonable passwords. I had to install fail2ban which is a PITA but thanks to someone's clear recipe, I was able to get it working. I hope that this can be worked into a release soon. Ron -- Ron Wheeler President Artifact Software Inc email: rwhee...@artifact-software.com mailto:rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 tel:866-970-2435%2C%20ext%20102 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- -Chris Harrington ACSDi Office: 763.559.5800 tel:763.559.5800 Mobile Phone: 612.326.4248 tel:612.326.4248 -- Ron Wheeler President Artifact Software Inc email:rwhee...@artifact-software.com mailto:rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- Ron Wheeler President Artifact Software Inc email: rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] SIP password probe
I looking through my logs, I found that people where probing my SIP accounts looking for passwords. Asterisk was helping them out by processing hundreds of requests per minute. I did a bit of Googling and this seems to be a frequent knock against Asterisk's security. It would seem pretty simple to add a configuration setting to sip.conf to delay the response to a bad account or password. There is a half measure to confuse the probe by sending the same error return for either error. It appears that many people have complained that this should be the default setting only changed if your are debugging a problem. There is no reason for a working system to ever have bad passwords so this is clearly an attack in almost every case. A simple delay would solve the problem for most people who use reasonable passwords. I had to install fail2ban which is a PITA but thanks to someone's clear recipe, I was able to get it working. I hope that this can be worked into a release soon. Ron -- Ron Wheeler President Artifact Software Inc email: rwhee...@artifact-software.com skype: ronaldmwheeler phone: 866-970-2435, ext 102 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
