Password brute-force

Attacker uses application, which traverses all possible or popular words which could be used as a password, as soon as valid password would be found.
Weak passwords are prone to this attack.
Following services are prone to this type of attack:

  • SSH console. After password has been guessed attacker could perform whenever actions he wants with the server - perform parallel VoIP proxy attack, add new SIP account and terminate huge amount of calls, steal your confidential data, etc.
  • web-interface. After password has been guessed, attacker could add new VoIP account and terminate huge amount of calls or steal your confidential data.
  • SIP. In case if you have configured peers with dynamic IP address in SIP parameters, after password has been guessed, could terminate huge amount of calls.
To protect from this attack following means are used:

Русский перевод

Also available in: PDF HTML TXT