[Asterisk-Dev] Security Issue in Asteriskwith sip.conf configuration.
brian k. west
brian at bkw.org
Tue May 4 18:30:49 MST 2004
thats because you sandbox them into a context and then use goto's like I do.
bkw
----- Original Message -----
From: "Kelvin Chua" <kchua at up.edu.ph>
To: <asterisk-dev at lists.digium.com>
Sent: Tuesday, May 04, 2004 5:56 PM
Subject: Re: [Asterisk-Dev] Security Issue in Asteriskwith sip.conf
configuration.
> is there any way to extend the acl function in [general]? i think it's
> only for peers/users?
>
> how about cisco gateways? it keeps on going to the blackhole despite
> being defined in the .conf here's an example:
>
> reference:http://www.voip-info.org/tiki-index.php?page=Asterisk+cisco+FXO
>
> [10.17.0.253]
> type=friend
> context=voip
> host=10.17.0.253
> dtmfmode=rfc2833
> allow=ulaw
> canreinvite=no
>
> thanks
>
> On Tue, 2004-05-04 at 22:14, Olle E. Johansson wrote:
> > Kelvin Chua wrote:
> > > uhm, maybe you have a point there, how about making it optional then?
> > > that way, everybody's happy? :) the optional 'secret=' in the peer
> > > configuration is very nice, at least you get to choose whether you
want
> > > authentication or not with a particular peer, but the entities not
> > > included in the peers section are not given that option. they are
simply
> > > allowed to be registered and call(without acl, :) or with a broken
acl),
> > > now don't you think that's dangerous?
> > >
> > Asterisk accept SIP calls from anyone and send to the context you define
as a default
> > context in the [general] section. Define a "blackhole" context without
any
> > extensions and Asterisk will not accept any calls.
> >
> > I can't see that we accept registrations from anyone not defined in
sip.conf,
> > unless you turn on "autocreatepeer". Please explain how that happens in
> > your configuration and state examples of configuration and registration
> > debug output.
> >
> > /Olle
> > _______________________________________________
> > Asterisk-Dev mailing list
> > Asterisk-Dev at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-dev
> > To UNSUBSCRIBE or update options visit:
> > http://lists.digium.com/mailman/listinfo/asterisk-dev
>
> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
>
More information about the asterisk-dev
mailing list