[asterisk-users] How to stop intruder from registering sip?

sean darcy seandarcy2 at gmail.com
Sun Jun 13 14:41:27 CDT 2010


On 06/13/2010 02:07 AM, dotnetdub wrote:
>
>     The trouble with whitelisting, or using iptables to block 5060 (in fact
>     * is behind a router - 5060 is port forwarded) is that traveling
>     employees wouldn't be able to register with inbound extensions. We set
>     up our travelers so they can connect from wherever, and be treated as if
>     they were at a local extension. That is, the employee can dial 151, or
>     be dialed at his extension. He can not however dial third parties, or at
>     least isn't supposed to.
>
>     sean
>
>
>
> If you leave your asterisk box open to the world with passwords like
> 0000 you deserve to be hacked..
>
> Are your travelling people using softphones? If they are VPN would be a
> good idea..
>
>

Ok. Obviously we deserve all this, and I should mess around with setting 
complex passwords for all my internal extensions. And I should accept 
suffering as part atoning for our errors.

I was actually interested in a more prosaic question:

does deny/permit in the sip stanzas which have an outgoing context solve 
my immediate problem: limiting access to sip for outgoing calls?

sean






More information about the asterisk-users mailing list