[asterisk-users] Security issue
David fire
ddfire at gmail.com
Sun Feb 8 10:00:04 CST 2009
denay permit are in sip.conf and iax.conf
David
2009/2/7 oumar ndiaye <ondiaye at antg.com>
> David,
> Thanks in advance. Where do I change the user/peers definition? Is it in
> the firewall of the OS? In that case that won't work because the server host
> other services such as ssh http that are open to any IP as long as the user
> has the correct credentials. Doesn't asterisk itself has built in security
> filters?
>
> If the only choice is to do in the OS's firewall, then I will need to
> include the port numbers of SIP, IAX in my firewall rules. In this case,
> which ports should I block to keep unwanted SIP/IAX connections from
> specific IP's.
> Thanks.
>
> On Sat, Feb 7, 2009 at 9:29 AM, David fire <ddfire at gmail.com> wrote:
>
>> you have many options but you should use it together.
>> firewall
>>
>> in the user/peers definitions add host=<ip>
>> and/or
>> deny=0.0.0.0/0.0.0.0
>> permit=<ip>/<mask>
>>
>> change the ip of your server.
>>
>> use something like ossec to avoid force brute.
>>
>> David
>>
>> 2009/2/6 oumar ndiaye <ond4444 at gmail.com>
>>
>>> Is there a way to restrict connection to my asterisk server to users
>>> based on their IP addresses, and not just password. I have some hackers who
>>> connect to my server to make illegitimate solicitation calls to people. I
>>> had to shutdown the server for now until I find a solution. ANY HELP?
>>> Thanks.
>>> ond
>>>
>>> _______________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>>
>>
>>
>>
>> --
>> (\__/)
>> (='.'=)This is Bunny. Copy and paste bunny into your
>> (")_(")signature to help him gain world domination.
>>
>>
>> _______________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
> --
> Oumar Ndiaye
> CTO
> ANTG Telecom
> www.antg.com
> ondiaye at antg.com
> ondiaye at alum.mit.edu
> ond4444 at gmail.com
> Tel: +1-919-291-8742
>
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
--
(\__/)
(='.'=)This is Bunny. Copy and paste bunny into your
(")_(")signature to help him gain world domination.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20090208/059641b0/attachment.htm
More information about the asterisk-users
mailing list