<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=us-ascii" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18852"></HEAD>
<BODY>
<DIV><SPAN class=801181907-12112009><FONT size=2 face=Arial>At Tilghman's
request.</FONT></SPAN></DIV>
<DIV><SPAN class=801181907-12112009><FONT size=2
face=Arial></FONT></SPAN> </DIV>
<DIV><SPAN class=801181907-12112009><FONT size=2 face=Arial>We need to agree to
change the sip.conf default from allowguest=yes to
allowguest=no</FONT></SPAN></DIV>
<DIV><SPAN class=801181907-12112009><FONT size=2 face=Arial>and extensions.conf
to have a warning in the [default] section that sip.conf may have allowguest=yes
or nothing which will default of yes.</FONT></SPAN></DIV>
<DIV><SPAN class=801181907-12112009></SPAN><SPAN
class=801181907-12112009></SPAN><SPAN class=801181907-12112009><FONT size=2
face=Arial></FONT></SPAN> </DIV>
<DIV><SPAN class=801181907-12112009><FONT size=2
face=Arial>Reference mantis bugs;</FONT></SPAN></DIV>
<DIV><SPAN class=801181907-12112009><A
href="https://issues.asterisk.org/view.php?id=15101"><FONT size=2
face=Arial>https://issues.asterisk.org/view.php?id=15101</FONT></A><FONT size=2
face=Arial> SIP allowguest defaults to yes with 'make samples'
</FONT></SPAN></DIV>
<DIV><SPAN class=801181907-12112009><A
href="https://issues.asterisk.org/view.php?id=16226"><FONT size=2
face=Arial>https://issues.asterisk.org/view.php?id=16226</FONT></A><FONT size=2
face=Arial> 1.4.26.3 security issue - Chinese IPs somehow are making calls
without authentication </FONT></SPAN></DIV>
<DIV><SPAN class=801181907-12112009><FONT size=2
face=Arial></FONT></SPAN> </DIV>
<DIV><SPAN class=801181907-12112009><FONT size=2 face=Arial>There are many
installations out there where newbies are playing in the [default] context
in their dialplan, getting things working, then opening port 5060 in their
firewall without understanding what they've just done.</FONT></SPAN></DIV>
<DIV><SPAN class=801181907-12112009><FONT size=2
face=Arial></FONT></SPAN> </DIV>
<DIV><SPAN class=801181907-12112009><FONT size=2 face=Arial>Initially
I thought it was great that we allow any SIP phone to connect to
asterisk, with no configuration required at the astrisk end, how wrong I
was. </FONT></SPAN></DIV>
<DIV><SPAN class=801181907-12112009><FONT size=2
face=Arial></FONT></SPAN> </DIV>
<DIV><SPAN class=801181907-12112009><FONT size=2 face=Arial>Alec
Davis</FONT></SPAN></DIV></BODY></HTML>