I got a simple asterisk server on a lan with a very basic configuration. I looked about the authentication security and I cracked the accounts by brute force attack easily. I tried to found an option in the asterisk.conf or sip.conf to limit the number of failed authentication but without success. I saw maxauthreq=5; in the iax.conf but that s not working ^^.
Then my question, do you have an idea on how secure asterisk against a brute force attack ?