[asterisk-users] allowguest defaults to yes for SIP

Danny Nicholas danny at debsinc.com
Thu Nov 12 08:59:16 CST 2009


Without the allowguest=no, Asterisk doesn't put up any defense against an
unauthorized guest.  You still have NAT/Firewall/IPTABLE "defenses", for
what they are worth.  The trick is to get what you need without allowing
what you don't want.

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Dan Journo
Sent: Thursday, November 12, 2009 9:01 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] allowguest defaults to yes for SIP

Am I correct in saying that the without allowguest=no anyone can connect and
make calls through the default context?

If allowguest is set to no, how can I ensure that incoming calls can still
be received from our DDI supplier?

Many Thanks
Dan

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Danny Nicholas
Sent: 12 November 2009 14:46
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: Re: [asterisk-users] allowguest defaults to yes for SIP

Just my .02 - the guest context should torture or hangup instead of being
empty.  That might encourage a masochistic hacker though...

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Administrator
TOOTAI
Sent: Thursday, November 12, 2009 8:42 AM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] allowguest defaults to yes for SIP

Lee Howard a écrit :
> In your sip.conf file allowguest defaults to yes.  This means that 
> anyone that can reach the SIP ports on that system has access to make 
> unauthenticated calls, by default.  The administrator actually has to go 
> in and turn it off to prevent unauthenticated SIP calls (in whatever 
> context [general] points at).
>
> Does anyone else agree with me that this is a poor default?  I'd like to 
> see the default setting changed.
>
> It seems to me that this default is the reason behind the 
> doc/security.txt bias against using the "default" context for toll calls.
>   
Agree. Another possibility would be to have a guestcontext defined in 
default. This context would exist but empty.

-- 
Daniel

_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users


_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users




More information about the asterisk-users mailing list