[asterisk-users] SIP Security
--[ UxBoD ]--
uxbod at splatnix.net
Tue Jan 12 11:52:31 CST 2010
----- "Juan C. Villa" <juanqui at villafam.com> wrote:
> Hey guys,
>
> I've been running asterisk on my server for some time now (currently
> running Asterisk 1.6.2.0). I am having security issues with my SIP
> accounts. Unauthorized people have been able to access the server
> (bots)
> and they have been able to make calls (in today's case to Cuba).
>
> Here's a copy (slightly modified) of my sip.conf:
>
> [general]
> context=default ; Default context for incoming calls
> videosupport=yes
> rtcachefriends=yes
> autocreatepeer=no
> t38pt_udptl=yes
>
> allowoverlap=no
> udpbindaddr=0.0.0.0
> srvlookup=yes
> ;pedantic=yes
>
> disallow=all
> allow=alaw
> allow=ulaw
> allow=speex
>
> [1001]
> type=friend
> username=1001
> secret=blah
> subscribecontext=default
> regexten=1001
> callerid="blah" <XXXXXXXXXX>
> host=dynamic
> nat=yes
> canreinvite=no
> mailbox=1001 at default
> registertrying=yes
>
> [testuser]
> type=friend
> secret=blah
> callerid="blah" <XXXXXXXXX>
> host=dynamic
> nat=yes
> qualify=yes
> allowsubscribe=yes
> canreinvite=no
> context=default
>
>
> [testuser2]
> type=friend
> username=testuser2
> secret=
> callerid="blah" <blah>
> host=dynamic
> nat=yes
> qualify=yes
> allowsubscribe=yes
> canreinvite=no
> context=default
>
>
> Someone is able to connect to my server and make a call since they
> can
> access the default context. What should I do?
>
> Thanks guys!
>
> http://lists.digium.com/mailman/listinfo/asterisk-users
http://blogs.digium.com/2009/03/28/sip-security/
--
Thanks, Phil
More information about the asterisk-users
mailing list