[Asterisk-Dev] Re: [Asterisk-Users] SIP SECURITY WARNING: v1-0
(cvs today) sip context in general section ignored goes to default
instead
- allowing unauthorized sip devices to place calls in default context
Steven Critchfield
critch at basesys.com
Sat Dec 4 06:50:56 MST 2004
On Sat, 2004-12-04 at 07:08 -0600, Rich Adamson wrote:
> Since there seems to be a large number of folks implementing * with
> little or no initial understanding of contexts (etc), would it not be
> appropriate to change the sample config files to address both sip and
> iax defaults?
>
> At least make it more obvious for those that actually read the contents
> of the config files. :)
How about the more secure and probably more helpfull route of throwing a
BIG warning and then disabling the module till the user finally
configures the contexts.
Ohh, but it still doesn't fix the problem of someone who includes their
PSTN long distance in the same context they let unconfigured
IAX/SIP/H323/whatever VoIP protocol.
What do you do to protect the truly stupid, lazy, or the wonderful
combination of both?
--
Steven Critchfield <critch at basesys.com>
More information about the asterisk-dev
mailing list