[asterisk-users] Security issue

Grygoriy Dobrovolskyy megahohol at gmail.com
Mon Feb 9 03:52:07 CST 2009


Hello, if you don't know iptables that much, and would like to see a more "user
friendly" configuration method, I suggest you use Shorewall, which is
very flexible, has some clear logs, and generates the same iptables rules behind the scenes.

2009/2/8 David fire <ddfire at gmail.com>

> deny/permit are in sip.conf and iax.conf
> David
>
> 2009/2/7 oumar ndiaye <ondiaye at antg.com>
>
>> David,
>> Thanks in advance. Where do I change the user/peers definition? Is it in
>> the firewall of the OS? In that case that won't work because the server hosts
>> other services such as ssh and http that are open to any IP as long as the user
>> has the correct credentials. Doesn't Asterisk itself have built-in security
>> filters?
>>
>> If the only choice is to do it in the OS's firewall, then I will need to
>> include the port numbers of SIP and IAX in my firewall rules. In this case,
>> which ports should I block to keep unwanted SIP/IAX connections from
>> specific IPs?
>> Thanks.
>>
>> On Sat, Feb 7, 2009 at 9:29 AM, David fire <ddfire at gmail.com> wrote:
>>
>>> You have many options, but you should use them together.
>>> firewall
>>>
>>> in the user/peers definitions add host=<ip>
>>> and/or
>>> deny=0.0.0.0/0.0.0.0
>>> permit=<ip>/<mask>
>>>
>>> change the ip of your server.
>>>
>>> use something like OSSEC to avoid brute force.
>>>
>>> David
>>>
>>> 2009/2/6 oumar ndiaye <ond4444 at gmail.com>
>>>
>>>>  Is there a way to restrict connections to my Asterisk server to users
>>>> based on their IP addresses, and not just password? I have some hackers who
>>>> connect to my server to make illegitimate solicitation calls to people. I
>>>> had to shut down the server for now until I find a solution. ANY HELP?
>>>>  Thanks.
>>>> ond
>>>>
>>>> _______________________________________________
>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>>
>>>> asterisk-users mailing list
>>>> To UNSUBSCRIBE or update options visit:
>>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>
>>>
>>>
>>>
>>> --
>>> (\__/)
>>> (='.'=)This is Bunny. Copy and paste bunny into your
>>> (")_(")signature to help him gain world domination.
>>>
>>>
>>>
>>
>>
>>
>> --
>> Oumar Ndiaye
>> CTO
>> ANTG Telecom
>> www.antg.com
>> ondiaye at antg.com
>> ondiaye at alum.mit.edu
>> ond4444 at gmail.com
>> Tel: +1-919-291-8742
>>
>>
>>
>
>
>
>
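
An added example, not part of the original thread or of Asterisk itself: a small audit script that reads a sip.conf-style file and lists peers that have no effective deny/permit ACL of the kind suggested above. The sample config, the peer names, the documentation-range addresses, and the ACL evaluation model (default allow, last matching rule wins) are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample sip.conf (documentation addresses, not from the thread).
SAMPLE_SIP_CONF = """\
[general]
bindport=5060

[office-phone]
type=friend
host=dynamic
secret=placeholder
deny=0.0.0.0/0.0.0.0
permit=192.0.2.0/255.255.255.0

[softphone]
type=friend
host=dynamic
secret=placeholder
"""

def parse_acls(text):
    """Return {section: [(sense, network), ...]}, keeping rule order."""
    acls, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")]
            acls[section] = []
        elif section and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key in ("deny", "permit"):
                net = ipaddress.ip_network(value, strict=False)
                acls[section].append((key, net))
    return acls

def allowed(rules, addr):
    """Assumed semantics: default allow, last matching rule wins."""
    verdict, ip = True, ipaddress.ip_address(addr)
    for sense, net in rules:
        if ip in net:
            verdict = (sense == "permit")
    return verdict

def open_peers(text, probe="203.0.113.50"):
    """Peers (not [general]) that would accept the outside probe address."""
    return [name for name, rules in parse_acls(text).items()
            if name != "general" and allowed(rules, probe)]

if __name__ == "__main__":
    for name in open_peers(SAMPLE_SIP_CONF):
        print(f"{name}: no effective deny/permit ACL for outside addresses")
```
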