But are you guys talking about if someone had access to the wire and was sniffing or an attack based on random or sequential guessing? I don't know the term but like a dictionary attack but using names.
On Tue, 16 Feb 2010 10:08:00 -0500, Dale Worley wrote: > On Tue, 2010-02-16 at 08:30 -0500, Scott Lawrence wrote: > >> On Mon, 2010-02-15 at 21:26 -0600, [email protected] wrote: >> >>> In asterisk, one of the main suggestions for security is to make your >>> SIP user names different than your extensions. >>> >> A pointless attempt at 'security through obscurity'. It's trivial to >> get a SIP endpoint to reveal its user name. >> > Well, it might actually work on Asterisk, since it's a B2BUA and a > caller can't talk directly to a phone. > > But in the real world, one does not expect these "secure" SIP user names > to be assigned pseudo-randomly, so they probably aren't hard to guess. > > Dale _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
