[Asterisk-Dev] Re: SIP SECURITY WARNING: v1-0 (cvs today) sip
context in general section ignored goes to default instead -
allowing unauthorized sip devices to place calls in default context
Tom Ivar Helbekkmo
tih at eunetnorge.no
Sat Dec 4 07:53:22 MST 2004
Steven Critchfield <critch at basesys.com> writes:
> What do you do to protect the truly stupid, lazy, or the wonderful
> combination of both?
You set up the default configuration files to accept all incoming
requests into a context that, regardless of the attempted extension,
answers by reading a voice message that explains that you need to
follow the instructions in sip.conf and extensions.conf, telling you
how to create a safe installation that will actually handle calls.
In sip.conf, there could be a comment, in the [general] section,
explaining that the active "context=initial" setting is what gives
this behavior, and naming a couple of other preconfigured contexts
you can name instead to enable more functionality.
-tih
--
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway Hosting
www.eunet.no T +47-22092958 M +47-93013940 F +47-22092901 FWD 484145
More information about the asterisk-dev
mailing list