[Asterisk-Dev] Security Issue in Asterisk with sip.conf configuration.

Kelvin Chua kchua at up.edu.ph
Tue May 4 16:56:32 MST 2004


is there any way to extend the acl function in [general]? i think it's
only for peers/users?
 
how about cisco gateways? it keeps on going to the blackhole despite
being defined in the .conf here's an example:

reference:http://www.voip-info.org/tiki-index.php?page=Asterisk+cisco+FXO

[10.17.0.253]
type=friend
context=voip
host=10.17.0.253
dtmfmode=rfc2833
allow=ulaw
canreinvite=no
 
thanks

On Tue, 2004-05-04 at 22:14, Olle E. Johansson wrote:
> Kelvin Chua wrote:
> > uhm, maybe you have a point there, how about making it optional then?
> > that way, everybody's happy? :) the optional 'secret=' in the peer
> > configuration is very nice, at least you get to choose whether you want
> > authentication or not with a particular peer, but the entities not
> > included in the peers section are not given that option. they are simply
> > allowed to be registered and call(without acl, :) or with a broken acl),
> > now don't you think that's dangerous? 
> > 
> Asterisk accept SIP calls from anyone and send to the context you define as a default
> context in the [general] section. Define a "blackhole" context without any
> extensions and Asterisk will not accept any calls.
> 
> I can't see that we accept registrations from anyone not defined in sip.conf,
> unless you turn on "autocreatepeer". Please explain how that happens in
> your configuration and state examples of configuration and registration
> debug output.
> 
> /Olle
> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev




More information about the asterisk-dev mailing list