This isn't very unusual out in the wild... It's why you should have strong passwords on your SIP accounts... I have seen probably a million dollars' worth of fraud at various ITSPs over the past few years due to poor passwords, poorly configured firewalls, and poorly configured TDM gateways....
That being said, limiting registrations to 5 per sec might be ok for you at home, but some people run that normally... That's only about 300 end points on a 60 sec registration timeout (which happens a lot due to NAT).

> From: thomas schorpp <[email protected]>
> Reply-To: <[email protected]>, Developers Mailing List <[email protected]>
> Date: Mon, 09 Mar 2009 10:06:18 +0100
> To: Developers Mailing List <[email protected]>
> Subject: [Callweaver-dev] [SECURITY] Possible Bruteforce SIP-Registration Vulnerability, 1.2 rel branch
>
> Mar 7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"577618652"<sip:577618...@xxx>' failed for '90.156.212.164' - Username/auth name mismatch
> Mar 7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"0"<sip:0...@xxx>' failed for '90.156.212.164' - Username/auth name mismatch
> Mar 7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"1"<sip:1...@xxx>' failed for '90.156.212.164' - Username/auth name mismatch
> Mar 7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"2"<sip:2...@xxx>' failed for '90.156.212.164' - Username/auth name mismatch
> Mar 7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"3"<sip:3...@xxx>' failed for '90.156.212.164' - Username/auth name mismatch
> Mar 7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"4"<sip:4...@xxx>' failed for '90.156.212.164' - Username/auth name mismatch
> Mar 7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"5"<sip:5...@xxx>' failed for '90.156.212.164' - Username/auth name mismatch
> ...
>
> Had a (trivial) break-in attempt here with the 2008-12-02 rev. and tried to restrict inbound to the SIP port to the registered providers with iptables to protect from it, but this prevents my wifi-phone from registering from outside foreign wlan networks, too.
>
> I think we should not allow 5 REGISTER's per second, should we?
>
> y
> tom
>
> _______________________________________________
> Callweaver-dev mailing list
> [email protected]
> http://lists.callweaver.org/mailman/listinfo/callweaver-dev
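A detector for the burst pattern in the quoted log, added here as an example (my own code, not Callweaver's): it parses chan_sip registration-failure lines and flags a source only when its failures inside a sliding window exceed a threshold, so a phone retrying across the 60 sec re-registration cycle mentioned above is not mistaken for a scan. The sample lines, the 192.0.2.10 / 198.51.100.7 addresses and the pbx.example domain are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the quoted chan_sip NOTICE lines; addresses and auth names are made up.
SAMPLE_LOG = """\
Mar  7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"577618652"<sip:577618652@pbx.example>' failed for '192.0.2.10' - Username/auth name mismatch
Mar  7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"0"<sip:0@pbx.example>' failed for '192.0.2.10' - Username/auth name mismatch
Mar  7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"1"<sip:1@pbx.example>' failed for '192.0.2.10' - Username/auth name mismatch
Mar  7 15:39:50 NOTICE[3059469200] chan_sip.c: Registration from '"2"<sip:2@pbx.example>' failed for '192.0.2.10' - Username/auth name mismatch
Mar  7 15:39:51 NOTICE[3059469200] chan_sip.c: Registration from '"3"<sip:3@pbx.example>' failed for '192.0.2.10' - Username/auth name mismatch
Mar  7 15:39:51 NOTICE[3059469200] chan_sip.c: Registration from '"4"<sip:4@pbx.example>' failed for '192.0.2.10' - Username/auth name mismatch
Mar  7 15:39:53 NOTICE[3059469200] chan_sip.c: Registration from '"2001"<sip:2001@pbx.example>' failed for '198.51.100.7' - Username/auth name mismatch
Mar  7 15:40:53 NOTICE[3059469200] chan_sip.c: Registration from '"2001"<sip:2001@pbx.example>' failed for '198.51.100.7' - Username/auth name mismatch
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}) NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '(?P<from>.*?)' failed for '(?P<ip>[\d.]+)' - (?P<reason>.+)$"
)


def parse_failures(text):
    """Return (timestamp, source ip, reason) for each failed REGISTER line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog stamps carry no year; strptime's 1900 default is fine for deltas
            ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
            events.append((ts, m["ip"], m["reason"]))
    return events


def bursting_sources(events, max_failures, window_seconds):
    """Return {ip: peak} for every source whose failed registrations inside
    some window of window_seconds exceeded max_failures."""
    per_ip = defaultdict(list)
    for ts, ip, _ in events:
        per_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):  # sliding window over the sorted stamps
            while (ts - stamps[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_failures:
            flagged[ip] = peak
    return flagged
```

With the thread's "5 per second" threshold the scanning source is flagged at 6 failures while the slow retrying phone is not; widening the window to 60 sec still only flags the scanner.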
