Akom's Tech Ruminations

Various tech outbursts - code and solutions to practical problems

Automotive Troubleshooting car heat issues or why stop-leak is a bad idea

Posted by Admin • Saturday, October 30. 2010 • Category: Automotive
I got my truck exactly a year ago. It came complete with stop-leak (the red brick-colored pellets) in the system. I immediately flushed out all coolant and stop-leak (must have run 100 gallons through the system with a back-flush kit), but I guess that wasn't enough, as I suddenly found myself without any heat whatsoever. Now I am not that into heat, but the idea of a sheet of ice on the windshield with no recourse just doesn't sound like fun.

Since I had to figure out what the issue was step-by-step, I figured I'd write the process down for posterity (read: me, next time). So here it is...

Continue reading "Troubleshooting car heat issues or why stop-leak is a bad idea"

Asterisk Asterisk and obfuscated SIP port redirection - calls drop after 20 seconds

Posted by Admin • Tuesday, October 5. 2010 • Category: Asterisk
One of my asterisk setups got attacked recently by a brute force script kiddie. The attack is simple:
  1. Try sequential sip usernames from 1 to 10000, hoping that the admin chose a numeric username scheme
  2. If asterisk returns anything but a 401, then perhaps this is a real account, add it to the list
  3. If anything is on the list of "possibles", then brute force their passwords

Why this works:
  • Asterisk has no delay for failed logins, so a brute force attack is viable, hundreds of attempts per second are possible. Not sure what can be done about this
  • The admin didn't set alwaysauthreject = yes in sip.conf. It's off by default, why??? With this enabled, there is no way to tell if a username is valid from the reject response

To deal with this:

Continue reading "Asterisk and obfuscated SIP port redirection - calls drop after 20 seconds"