| Summary: | ASTERISK-01821: Prevent guess of IAX2 username and pass. | ||
| Reporter: | Dmytro Mishchenko (arkadia) | Labels: | |
| Date Opened: | 2004-06-15 05:16:34 | Date Closed: | 2008-01-15 15:00:44.000-0600 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | I'm talking about chan_iax2 channel but it can be applied to any other channels too. Right now Asterisk trying to authenticate user and returns response asap. It easily allows to make a setup for checking accounts and trying to guess a valid account. Can we extend check_access() with some configurable parameter which will tell how long to delay before giving "Reject" response. There are a lot of solutions of this problem this one looks like the most simple. | ||
| Comments: | By: Mark Spencer (markster) 2004-06-26 10:34:36 Added as "delayreject" option in iax.conf.sample By: Digium Subversion (svnbot) 2008-01-15 15:00:44.000-0600 Repository: asterisk Revision: 3313 U trunk/channels/chan_alsa.c U trunk/channels/chan_iax2.c U trunk/configs/iax.conf.sample ------------------------------------------------------------------------ r3313 | markster | 2008-01-15 15:00:43 -0600 (Tue, 15 Jan 2008) | 2 lines Minor alsa fixes, add "delayreject" option to IAX to implement request of bug ASTERISK-1821) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=3313 | ||