
On 11/01/2010 05:13 PM, Carlos Alvarez wrote:
Alex Balashov wrote:
... that we could identify. We don't know if they were part of a coordinated scan or just launched in parallel, but they were fairly sophisticated in that they detected the nomenclature and length assignment patterns in extensions (403 Forbidden vs. 401 Unauthorized, I suppose) and zeroed in on those.
What is your methodology for naming SIP accounts? We've discovered that using something that is alpha followed by punctuation followed by a number results in zero successful name matches so far. I'm wondering what convention you use so I can think about whether we'd be vulnerable to the same discovery. When we put up simple numbers as a registration, we quickly get lots of attempts to brute force the password, often more than 5-10/second.
4-digit extension numbers, but unfortunately it's not my methodology, it's the customer's. Not my choice. The passwords, however, are extremely strong.

--
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
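Added example, not code from either poster: a small Python model of the two behaviours the thread describes. The registrar stub answers an unauthenticated REGISTER with a 401 challenge only when the account exists and 403 otherwise (the 403-vs-401 oracle Alex suspects the scanners used), and the same stub in "uniform" mode answers 401 regardless, which is the usual fix. A second function counts REGISTER attempts per source per second over constructed log lines, flagging the 5-10/second flood Carlos mentions. The account names, realm, log format and addresses are all made up for illustration.

```python
"""Model of SIP extension enumeration via differing status codes, plus a
REGISTER-flood detector. Everything here is constructed for illustration
(hypothetical accounts, realm and log lines), not taken from a real PBX."""
import os
import re
from collections import defaultdict

# Constructed account table: 4-digit numeric extensions next to the
# alpha + punctuation + number style from the thread. Only the existence
# of a name matters for the oracle, so no passwords are stored here.
ACCOUNTS = {"1001", "1042", "2210", "sales.17", "ops_3"}


def registrar_status(user, accounts=ACCOUNTS, uniform=False):
    """Status a registrar returns to an unauthenticated REGISTER for `user`.

    Leaky mode (uniform=False): 401 with a Digest challenge only when the
    account exists, 403 Forbidden otherwise. The status code alone tells a
    scanner whether the name is valid, before any password is tried.

    Uniform mode (uniform=True): always 401 with a challenge. A scanner now
    learns nothing about the name until it actually guesses the password.
    """
    if uniform or user in accounts:
        nonce = os.urandom(8).hex()
        challenge = f'WWW-Authenticate: Digest realm="pbx.example", nonce="{nonce}"'
        return 401, challenge
    return 403, ""


def enumerate_users(candidates, uniform=False):
    """What a scanner does: keep every name that drew a 401 challenge."""
    return [u for u in candidates if registrar_status(u, uniform=uniform)[0] == 401]


def numeric_extensions(width=4):
    """All zero-padded extensions of the given width, e.g. 0000..9999."""
    return [str(i).zfill(width) for i in range(10 ** width)]


# Constructed registrar log, one line per REGISTER attempt:
# "<unix seconds> <source ip> REGISTER <user> <status>"
# 203.0.113.9 walks numeric extensions eight times inside one second;
# 198.51.100.4 is a phone registering normally.
SAMPLE_LOG = """\
1288650000.01 203.0.113.9 REGISTER 1000 403
1288650000.02 203.0.113.9 REGISTER 1001 401
1288650000.03 203.0.113.9 REGISTER 1002 403
1288650000.04 203.0.113.9 REGISTER 1003 403
1288650000.05 203.0.113.9 REGISTER 1004 403
1288650000.06 203.0.113.9 REGISTER 1005 403
1288650000.07 203.0.113.9 REGISTER 1006 403
1288650000.08 203.0.113.9 REGISTER 1007 403
1288650000.30 198.51.100.4 REGISTER 1042 401
1288650001.10 198.51.100.4 REGISTER 1042 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>\S+) REGISTER (?P<user>\S+) (?P<status>\d{3})$"
)


def register_floods(log_text, per_second=5):
    """Return {source: peak REGISTERs in any one second} for sources that
    exceed `per_second` in some second. Lines that do not match are skipped."""
    per_src_second = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        per_src_second[m["src"]][int(float(m["ts"]))] += 1
    return {
        src: max(counts.values())
        for src, counts in per_src_second.items()
        if max(counts.values()) > per_second
    }


if __name__ == "__main__":
    # Leaky registrar: a scan of the 4-digit space finds exactly the numeric accounts.
    print("leaky:", enumerate_users(numeric_extensions()))
    # Uniform registrar: every name challenges, so the scan yields nothing useful.
    print("uniform hits:", len(enumerate_users(numeric_extensions(), uniform=True)))
    print("floods:", register_floods(SAMPLE_LOG))
```

The scan in leaky mode returns only the three numeric accounts because the alpha-plus-punctuation names never appear in the 4-digit candidate list; in uniform mode every one of the 10,000 candidates challenges, so the status code no longer separates real names from guesses. The flood detector is deliberately simple (fixed one-second buckets, no Fail2ban-style state); it is there to show what "more than 5-10/second" looks like in a log, not as a production rate limiter.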