Merged revisions 186059 via svnmerge from
[asterisk/asterisk.git] / configs / sip.conf.sample
index a67a209..37fcb74 100644 (file)
@@ -261,9 +261,11 @@ srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
 ;authfailureevents=no           ; generate manager "peerstatus" events when peer can't
                                 ; authenticate with Asterisk. Peerstatus will be "rejected".
 ;alwaysauthreject = yes         ; When an incoming INVITE or REGISTER is to be rejected,
-                                ; for any reason, always reject with '401 Unauthorized'
+                                ; for any reason, always reject with an identical response
+                                ; equivalent to valid username and invalid password/hash
                                 ; instead of letting the requester know whether there was
-                                ; a matching user or peer for their request
+                                ; a matching user or peer for their request.  This reduces
+                                ; the ability of an attacker to scan for valid SIP usernames.
 
 ;g726nonstandard = yes          ; If the peer negotiates G726-32 audio, use AAL2 packing
                                 ; order instead of RFC3551 packing order (this is required
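Review bot: The rewritten `alwaysauthreject` comment explains the username-scanning benefit but never says what happens when the line stays commented out, as it does in this sample, so an administrator cannot tell from the file whether the protection is active. I would close the comment block with a line such as `; Default: <default>. Uncomment to enable on systems reachable from untrusted networks.`, with the real default filled in from the channel driver. The text also names only INVITE and REGISTER; if other request types are challenged as well, it is worth stating whether they get the same uniform rejection. That cannot be confirmed from this hunk.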