On 5/9/2011 7:32 AM, barisyanar wrote:
http://track.sipfoundry.org/browse/XX-4847
Hi all,
Scott Lawrence's comment on the above item seemed logical to me.
I need more feedback on what kind of an alarm it should be?
Should it be a GUI warning which is shown after user login or a sound
played after a succesful VM login?
I'll be glad to hear your comments on the issue.
We should think of this like an email server exposed to the internet.
There are many bots that randomly pick user names and passwords trying
brute force attacks. With SIP the usernames are easier to guess (0, 100,
1000, etc). The client IP should be locked out for X minutes, not the
account. This hook should be available for registration attempts also.
Logging any failed login attempts (registration, vm, web) in a log file
(say sipauth.log) would make tools like fail2ban more efficient.
--
Regards
--------------------------------------
Gerald Drouillard
Technology Architect
Drouillard& Associates, Inc.
http://www.Drouillard.biz
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
