SIP security

I have a question regarding this, from this link: blogs.digium.com/2009/03/28/sip-security/.

  1. Make your SIP usernames different than your extensions. While it is convenient to have extension “1234” map to SIP entry “1234” which is also SIP user “1234”, this is an easy target for attackers to guess SIP authentication names. Use the MAC address of the device, or some sort of combination of a common phrase + extension MD5 hash (example: from a shell prompt, try “md5 -s ThePassword5000”)

I don’t clearly understand what should be different, so I made an example.

[asterguy]
deny = 0.0.0.0/0.0.0.0
permit = 192.168.100.0/255.255.255.0
permit = 10.8.0.0/255.255.255.0
username = asterguy
secret = pogi
alwaysauthreject = yes
disallow = all
allow = g729
allow = ulaw
allow = alaw
type = friend
nat = yes
host = dynamic
dtmfmode = rfc2833
canreinvite = no
qualify = yes
context = pogicontext

Where is the extension and sip name here? What can be different?

SIP username in the example is “asterguy”.

Extension number is defined in extensions.conf. For example:

exten => 100,1,Dial(SIP/asterguy,20,t)

Here you see that the extension number and SIP username are different :wink:

Correct.

Cheers.
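An added example, not part of the original thread: a small audit that cross-checks sip.conf peer names against the extension numbers in extensions.conf and flags peers whose SIP name equals an extension, which is the situation the quoted advice warns about. The sample configs are constructed; the [1234] peer and the function names are assumptions for illustration.

```python
import re

# Constructed samples: the thread's peer plus a peer named after its extension.
SIP_CONF = """\
[asterguy]
username = asterguy
secret = pogi

[1234]
username = 1234
secret = 1234
"""

EXTENSIONS_CONF = """\
[pogicontext]
exten => 100,1,Dial(SIP/asterguy,20,t)
exten => 1234,1,Dial(SIP/1234,20,t)
"""

def sip_peers(text):
    """Return {section: {option: value}} for each sip.conf section except [general]."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        m = re.match(r"\[([^\]]+)\]", line)
        if m:
            current = None if m.group(1) == "general" else peers.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return peers

def extensions(text):
    """Return the set of extension numbers defined by 'exten =>' lines."""
    return set(re.findall(r"^\s*exten\s*=>\s*([^,\s]+)\s*,", text, re.M))

def audit(sip_text, ext_text):
    """List (peer, reason) pairs for peers whose SIP name is guessable from the dialplan."""
    exts = extensions(ext_text)
    findings = []
    for name, opts in sip_peers(sip_text).items():
        user = opts.get("username", name)
        if name in exts or user in exts:
            findings.append((name, "SIP name matches an extension"))
        if opts.get("secret", "") in (name, user):
            findings.append((name, "secret equals the SIP name"))
    return findings
```

Calling `audit(SIP_CONF, EXTENSIONS_CONF)` reports only the [1234] peer; the [asterguy] peer passes because extension 100 does not reveal its SIP name.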