[asterisk-users] Securing Asterisk

Danny Nicholas danny at debsinc.com
Sat Jul 23 13:13:21 CDT 2011


Simple economics tells me that we can't pay enough guys $X U.S. to stop the
problem when we are competing with multiple folks working for $0.X US.
Asterisk isn't the problem, it's just another limb on the victim tree.

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Paul Belanger
Sent: Saturday, July 23, 2011 1:10 PM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] Securing Asterisk

On 11-07-23 01:38 PM, CDR wrote:
> I beg to differ. Digium is hiding from the real world and somebody is 
> going to take the software and run with it. My customers lost in excess 
> of $50.000 and cut my pay in half, because of hackers. The hackers 
> figured out how to scan every asterisk for weak passwords or open 
> ports, and bang them real good. We need two things: a) disable in 
> sip.conf the reply for INVITES that have wrong user information, and 
> also, b) disable any response to any REGISTER packet altogether. Can 
> somebody please write a patch? Or should we go broke trying to stop the 
> flood of criminals coming from abroad?
> Federico
>
I'm not sure I understand your statement.  Because your customer was hacked
for $50,000 and your pay was cut in half, it is a result of Digium (or the
Asterisk project) 'hiding from the real world'?

Your previous point aside, may I ask how your client solved the problem?
I'm assuming they are still operating an Asterisk box without the patches
you have requested.

--
Paul Belanger
Digium, Inc. | Software Developer
twitter: pabelanger | IRC: pabelanger (Freenode)
Check us out at: http://digium.com & http://asterisk.org
