[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default
sivad.a at paradise.net.nz
Thu Nov 12 01:33:50 CST 2009
At Tilghman's request.
We need to agree to change the sip.conf default from allowguest=yes to
and extensions.conf to have a warning in the [default] section that sip.conf
may have allowguest=yes or nothing which will default of yes.
Reference mantis bugs;
https://issues.asterisk.org/view.php?id=15101 SIP allowguest defaults to yes
with 'make samples'
https://issues.asterisk.org/view.php?id=16226 18.104.22.168 security issue -
Chinese IPs somehow are making calls without authentication
There are many installations out there where newbies are playing in the
[default] context in their dialplan, getting things working, then opening
port 5060 in their firewall without understanding what they've just done.
Initially I thought it was great that we allow any SIP phone to connect to
asterisk, with no configuration required at the astrisk end, how wrong I
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the asterisk-dev