[asterisk-users] Security issue

oumar ndiaye ondiaye at antg.com
Sat Feb 7 19:47:28 CST 2009


David,
Thanks in advance. Where do I change the user/peers definition? Is it in the
firewall of the OS? In that case that won't work because the server host
other services such as ssh http that are open to any IP as long as the user
has the correct credentials. Doesn't asterisk itself has built in security
filters?

If the only choice is to do in the OS's firewall, then I will need to
include the port numbers of SIP, IAX in my firewall rules. In this case,
which ports should I block to keep unwanted SIP/IAX connections from
specific IP's.
Thanks.

On Sat, Feb 7, 2009 at 9:29 AM, David fire <ddfire at gmail.com> wrote:

> you have many options but you should use it together.
> firewall
>
> in the user/peers definitions add host=<ip>
> and/or
> deny=0.0.0.0/0.0.0.0
> permit=<ip>/<mask>
>
> change the ip of your server.
>
> use something like ossec to avoid force brute.
>
> David
>
> 2009/2/6 oumar ndiaye <ond4444 at gmail.com>
>
>>  Is there a way to restrict connection to my asterisk server to users
>> based on their IP addresses, and not just password. I have some hackers who
>> connect to my server to make illegitimate solicitation calls to people. I
>> had to shutdown the server for now until I find a solution. ANY HELP?
>> Thanks.
>> ond
>>
>> _______________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
> --
> (\__/)
> (='.'=)This is Bunny. Copy and paste bunny into your
> (")_(")signature to help him gain world domination.
>
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



-- 
Oumar Ndiaye
CTO
ANTG Telecom
www.antg.com
ondiaye at antg.com
ondiaye at alum.mit.edu
ond4444 at gmail.com
Tel: +1-919-291-8742
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090207/fe61a9e5/attachment.htm 


More information about the asterisk-users mailing list