[Asterisk-Dev] Re: [Asterisk-Users] SIP SECURITY WARNING: v1-0(cvs today) sip context in general section ignored goes to defaultinstead- allowing unauthorized sip devices to place calls in default context

Soren Rathje asterisk at lolle.org
Sat Dec 4 07:19:33 MST 2004


Steven Critchfield wrote:
> On Sat, 2004-12-04 at 07:08 -0600, Rich Adamson wrote:
>> Since there seems to be a large number of folks implementing * with
>> little or no initial understanding of contexts (etc), would it not be
>> appropriate to change the sample config files to address both sip and
>> iax defaults?
>>
>> At least make it more obvious for those that actually read the
>> contents of the config files. :)
>
> How about the more secure and probably more helpfull route of
> throwing a BIG warning and then disabling the module till the user
> finally configures the contexts.
>
> Ohh, but it still doesn't fix the problem of someone who includes
> their PSTN long distance in the same context they let unconfigured
> IAX/SIP/H323/whatever VoIP protocol.
>
> What do you do to protect the truly stupid, lazy, or the wonderful
> combination of both?

Oh well, people keep their doors locked for security and yet they have a key
hanging on a nail above the door and windows users still log on as
Administrator....

/Soren

"The difference between intelligence and stupidity is that intelligence has
its limits."




More information about the asterisk-dev mailing list