Summary:ASTERISK-01821: Prevent guess of IAX2 username and pass.
Reporter:Dmytro Mishchenko (arkadia)Labels:
Date Opened:2004-06-15 05:16:34Date Closed:2008-01-15 15:00:44.000-0600
Versions:Frequency of
Description:I'm talking about chan_iax2 channel but it can be applied to any other channels too. Right now Asterisk trying to authenticate user and returns response asap. It easily allows to make a setup for checking accounts and trying to guess a valid account. Can we extend check_access() with some configurable parameter which will tell how long to delay before giving "Reject" response. There are a lot of solutions of this problem this one looks like the most simple.
Comments:By: Mark Spencer (markster) 2004-06-26 10:34:36

Added as "delayreject" option in iax.conf.sample

By: Digium Subversion (svnbot) 2008-01-15 15:00:44.000-0600

Repository: asterisk
Revision: 3313

U   trunk/channels/chan_alsa.c
U   trunk/channels/chan_iax2.c
U   trunk/configs/iax.conf.sample

r3313 | markster | 2008-01-15 15:00:43 -0600 (Tue, 15 Jan 2008) | 2 lines

Minor alsa fixes, add "delayreject" option to IAX to implement request of bug ASTERISK-1821)