Alex Balashov wrote:
... that we could identify. We don't know if they were part of a coordinated scan or just launched in parallel, but they were fairly sophisticated in that they detected the nomenclature and length assignment patterns in extensions (403 Forbidden vs. 401 Unauthorized, I suppose) and zeroed in on those.
What is your methodology for naming SIP accounts? We've discovered that using something that is alpha followed by punctuation followed by a number results in zero successful name matches so far. I'm wondering what convention you use so I can think about whether we'd be vulnerable to the same discovery. When we put up simple numbers as a registration, we quickly get lots of attempts to brute force the password, often more than 5-10/second.