1. Brekeke Product Name and version:
2. Java version:
3. OS type and the version:
4. UA (phone), gateway or other hardware/software involved:
5. Select your network pattern from http://www.brekeke-sip.com/bbs/network/ ... terns.html :
6. Your problem:
Most of us have come to expect frequent scanning attacks by scanners trying to guess a password with many login attempts. Brekeke provided a dial plan entry to help deal with it.
However, we saw a new attack recently that used attempted calls to guess the name and password. So, while we were always on the lookout for registration attacks, sending the name and password in call attempts with MD5 challenge-response was new to us.
We would like to offer our Brekeke community our solution to this problem and solicit others' ideas.
We put a dial plan at the bottom of the SIP server's dial plans that gives a false response. Not a 404; we used a very uncommon error message. This way they get that dial plan and the false response if they have the wrong name and password or if they didn't match a dial plan. This prevents them from knowing if they matched the name and password correctly until they get both the name and password correct and the dial plan matching rules correct. For example, if you require your callers to send calls to your PBX with a 9 prefix, and the hacker doesn't know that and sends calls to your PBX without a 9 prefix, they will get the same error message as if they hadn't guessed the password yet.
The hackers first work on the name and password, and after they get that they start getting 404s that let them know they are in but haven't matched the incoming caller-id or outgoing number format that your dial plan expects. They simply keep trying different patterns for those two variables until they match. You can thwart them by giving them the same error whether they have the auth info wrong or the patterns wrong, never allowing them to know why the call failed.
Hope this helps.
- Posts: 528
- Joined: Tue Sep 20, 2005 9:10 am
- Location: Tannersville, Pennsylvania
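A detection example for the attack described in the post above, added here and not code from the thread or from Brekeke: it counts failed INVITE attempts per source instead of watching only REGISTER failures, and it treats any 4xx-6xx final response as a failure so it keeps working when a catch-all dial plan rule returns one uniform error. The log layout, the function name, the thresholds and the 480 status in the sample are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data in a hypothetical "time src method user=.. status=.." layout.
# This is not Brekeke's log format; 480 stands in for whatever uniform code is configured.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 INVITE user=100 status=480
2024-05-01T10:00:02 203.0.113.7 INVITE user=101 status=480
2024-05-01T10:00:03 203.0.113.7 INVITE user=102 status=480
2024-05-01T10:00:04 203.0.113.7 INVITE user=admin status=480
2024-05-01T10:00:05 198.51.100.20 REGISTER user=200 status=200
2024-05-01T10:00:06 198.51.100.20 INVITE user=200 status=480
2024-05-01T10:00:09 198.51.100.20 INVITE user=200 status=200
2024-05-01T10:00:10 203.0.113.7 INVITE user=100 status=480
garbled line that should be skipped
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (INVITE|REGISTER) user=(\S+) status=(\d{3})$")


def find_invite_guessers(log_text, min_failures=4, min_users=3):
    """Return sources whose failed INVITEs look like credential guessing.

    A source is flagged when it has at least min_failures failed INVITEs or
    has tried at least min_users distinct auth usernames in failed INVITEs.
    """
    failures = defaultdict(int)
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are ignored, not fatal
        _ts, src, method, user, status = m.groups()
        # Any final error counts: with a uniform reply there is no 401/404 split to key on.
        if method != "INVITE" or int(status) < 400:
            continue
        failures[src] += 1
        users[src].add(user)
    return {
        src: {"failures": n, "users": sorted(users[src])}
        for src, n in failures.items()
        if n >= min_failures or len(users[src]) >= min_users
    }


if __name__ == "__main__":
    for src, info in find_invite_guessers(SAMPLE_LOG).items():
        print(src, info)
```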
voipwell,
Thank you for sharing the idea which will help other users.
Here are other tips for security.
http://wiki.brekeke.com/wiki/Avoid-attacks
http://wiki.brekeke.com/wiki/Reject-non ... llers-call
We are planning to add a new feature which rejects attacks.
Regards,