Merged revisions 186060 via svnmerge from

https://origsvn.digium.com/svn/asterisk/trunk ................ r186060 | tilghman | 2009-04-02 12:10:28 -0500 (Thu, 02 Apr 2009) | 16 lines Merged revisions 186059 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ................ r186059 | tilghman | 2009-04-02 12:09:13 -0500 (Thu, 02 Apr 2009) | 9 lines Merged revisions 186056 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.2 ........ r186056 | tilghman | 2009-04-02 12:02:18 -0500 (Thu, 02 Apr 2009) | 2 lines Fix for AST-2009-003 ........ ................ ................ git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.1@186062 f38db490-d61c-443f-a65b-d21fe96a405b
author: tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> 2009-04-02 17:14:08 +0000
committer: tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> 2009-04-02 17:14:08 +0000
commit: 16b71fa084d8b6fdf9f0da48307e58fe692a52b9 (patch)
tree: 2a6187e5f98cf5fba692dcb353d103888fbb25a0 /configs
parent: 3cf92caee693b1c58558e4f6a8bc2f201a651e3b (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index e52a4436c..433606c1b 100644
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -255,9 +255,11 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
 ;authfailureevents=no           ; generate manager "peerstatus" events when peer can't
                                 ; authenticate with Asterisk. Peerstatus will be "rejected".
 ;alwaysauthreject = yes         ; When an incoming INVITE or REGISTER is to be rejected,
-                                ; for any reason, always reject with '401 Unauthorized'
+                                ; for any reason, always reject with an identical response
+                                ; equivalent to valid username and invalid password/hash
                                 ; instead of letting the requester know whether there was
-                                ; a matching user or peer for their request
+                                ; a matching user or peer for their request.  This reduces
+                                ; the ability of an attacker to scan for valid SIP usernames.
 
 ;g726nonstandard = yes          ; If the peer negotiates G726-32 audio, use AAL2 packing
                                 ; order instead of RFC3551 packing order (this is required
author	tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>	2009-04-02 17:14:08 +0000
committer	tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>	2009-04-02 17:14:08 +0000
commit	16b71fa084d8b6fdf9f0da48307e58fe692a52b9 (patch)
tree	2a6187e5f98cf5fba692dcb353d103888fbb25a0 /configs
parent	3cf92caee693b1c58558e4f6a8bc2f201a651e3b (diff)