h1. Password brute-force

Attacker uses application, which traverses all possible or popular words which could be used as a password, as soon as valid password would be found.
Weak passwords are prone to this attack.
Following services are prone to this type of attack:

* *SSH console*. After password has been guessed attacker could perform whenever actions he wants with the server - perform _parallel VoIP proxy attack_, add new SIP account and terminate huge amount of calls, steal your confidential data, etc.
* *web-interface*. After password has been guessed, attacker could add new VoIP account and terminate huge amount of calls or steal your confidential data.
* *SIP*. In case if you have configured peers with dynamic IP address in SIP parameters, after password has been guessed, could terminate huge amount of calls.

To protect from this attack following means are used:
* [[Fail2Ban application]]
* [[Limited SSH access]]
* [[Password strength check system]]
* [[Balance cutoff]]
* [[Origination control]]
* [[Encrypted passwords]]

[[Подбор пароля перебором|Русский перевод]]