Asterisk+authentication security

hello everybody,

I got a simple asterisk server on a lan with a very basic configuration. I looked about the authentication security and I cracked the accounts by brute force attack easily. I tried to found an option in the asterisk.conf or sip.conf to limit the number of failed authentication but without success. I saw maxauthreq=5; in the iax.conf but that s not working ^^.

Then my question, do you have an idea on how secure asterisk against a brute force attack ?

What kind of security are you talking about??

did you setup an ACL? are you filtering by ACL or Prefix, are your talking about a retail customer or wholesale?

Need more details.