Ishfaq Malik
2013-Nov-04 15:25 UTC
[asterisk-users] No matching peers message has gone (1.8.23.1)
Hi Ever since we upgraded our asterisk servers to 1.8.23.1, we no longer get the 'no matching peer' error when we get a dictionary SIP attack. Now the logs always show a 'wrong password' when there actually isn't a matching peer. We even have alwaysauthreject = yes in our sip.conf. Has anyone else noticed this phenomenon? Thanks in Advance Ish -- Ishfaq Malik Department: VOIP Support Company: Packnet Limited t: +44 (0)845 004 4994 f: +44 (0)161 660 9825 e: ish at pack-net.co.uk w: http://www.pack-net.co.uk Registered Address: PACKNET LIMITED, Duplex 2, Ducie House 37 Ducie Street Manchester, M1 2JW COMPANY REG NO. 04920552 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20131104/9becdcb3/attachment.html>
Joshua Colp
2013-Nov-04 15:29 UTC
[asterisk-users] No matching peers message has gone (1.8.23.1)
Ishfaq Malik wrote:> Hi > > Ever since we upgraded our asterisk servers to 1.8.23.1, we no longer > get the 'no matching peer' error when we get a dictionary SIP attack. > > Now the logs always show a 'wrong password' when there actually isn't a > matching peer. > > We even have alwaysauthreject = yes in our sip.conf. > > Has anyone else noticed this phenomenon?This is on purpose. To fix some exposure issues the code was changed to have an internal peer (albeit one that can never successfully be authenticated against) that gets used if no real peer is found. This reduces the chance (by a lot) of the code exposing information in some off nominal cases. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at: www.digium.com & www.asterisk.org
Apparently Analagous Threads
- Lync and Asterisk Realtime Architecture
- CDR dcontext not updated on FAILED and BUSY calls
- CDR billsec issue with calls forwarded through the Local channel
- SIPAddHeader from a realtime databse
- queue show <queue-name> vs queue log for calculating average hold time