SIP Password Probe

Home » Asterisk Users » SIP Password Probe
Asterisk Users 4 Comments

I looking through my logs, I found that people where probing my SIP
accounts looking for passwords. Asterisk was helping them out by processing hundreds of requests per minute. I did a bit of Googling and this seems to be a frequent knock against Asterisk’s security.

It would seem pretty simple to add a configuration setting to sip.conf to delay the response to a bad account or password.

There is a half measure to confuse the probe by sending the same error return for either error. It appears that many people have complained that this should be the default setting only changed if your are debugging a problem.

There is no reason for a working system to ever have bad passwords so this is clearly an attack in almost every case.

A simple delay would solve the problem for most people who use reasonable passwords.

I had to install fail2ban which is a PITA but thanks to someone’s clear recipe, I was able to get it working.

I hope that this can be worked into a release soon.

Ron

4 thoughts on - SIP Password Probe

  • It’s an open source project. Pay a programmer or make the modification yourself and submit a patch.

    On Sat, Nov 24, 2012 at 4:51 PM, Ron Wheeler

  • You don’t really want me coding!
    I have solved the problem for me.

    Just add it to the queue of enhancements for the next time someone is working on SIP.

    Ron