[asterisk-users] How to stop intruder from registering sip?
Steve Edwards
asterisk.org at sedwards.com
Fri Jun 11 19:26:19 CDT 2010
On Fri, 11 Jun 2010, Fred Posner wrote:
> On Jun 11, 2010, at 5:55 PM, sean darcy wrote:
>
>> This is a small 12 line system, internal extensions 150 - 180. I didn't
>> have a phone on 151. Here's the sip.conf stanza: --snip-- There's no
>> DISA. And then somehow (how???) ip address 79.117.17.247 becomes
>> extension 151 and starts making calls to West Africa.
>>
>> Now contactdeny and contactpermit over solve the problem. For instance,
>> I can't register with my voip provider. I don't care about peers who I
>> make calls to, or receive calls from. I'm just stunned someone can
>> become a peer and make calls themselves.
>>
>> How do I fix this in some reasonable way.
>>
>> sean
>
> What is the default context in sip.conf? Does it allow outbound calls?
>
> Do you have autocreatepeer=no?
You should make all your externally facing services as secure as possible.
http://nerdvittles.com/?p=684 may give you some Asterisk specific tips.
Then, add another layer of security -- sift through all of the class A
address assignments at arin.net* and block all that make sense for you at
your border router. For me, I blocked all of the class As assigned to
afrinic, apnic, jnic, lacnic, and ripe.
Hacking attempts (SMTP, SSH, and SIP) just about evaporated. On a small
email/ssh/sip server I drop about 1,500,000 packets a week.
*) Or download my list at http://www.sedwards.com/class-a-block-list
-- assuming you're not already on the list :)
--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
More information about the asterisk-users
mailing list