From 4a62345f923a432e90b72434da59d59100e3e478 Mon Sep 17 00:00:00 2001
From: tilghman
Date: Thu, 2 Apr 2009 17:09:13 +0000
Subject: Merged revisions 186056 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.2
........
r186056 | tilghman | 2009-04-02 12:02:18 -0500 (Thu, 02 Apr 2009) | 2 lines
Fix for AST-2009-003
........
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@186059 f38db490-d61c-443f-a65b-d21fe96a405b
---
configs/sip.conf.sample | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'configs/sip.conf.sample')
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index c55f71bc6..966d9abf5 100644
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -141,9 +141,11 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls
 ;callevents=no ; generate manager events when sip ua
 ; performs events (e.g. hold)
 ;alwaysauthreject = yes ; When an incoming INVITE or REGISTER is to be rejected,
- ; for any reason, always reject with '401 Unauthorized'
+ ; for any reason, always reject with an identical response
+ ; equivalent to valid username and invalid password/hash
 ; instead of letting the requester know whether there was
- ; a matching user or peer for their request
+ ; a matching user or peer for their request. This reduces
+ ; the ability of an attacker to scan for valid SIP usernames.
 ;g726nonstandard = yes ; If the peer negotiates G726-32 audio, use AAL2 packing
 ; order instead of RFC3551 packing order (this is required
-- cgit v1.2.3