[asterisk-users] Securing Asterisk
Eric Wieling
EWieling at nyigc.com
Sat Jul 23 16:08:36 CDT 2011
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-
> bounces at lists.digium.com] On Behalf Of CDR
> Sent: Saturday, July 23, 2011 1:39 PM
> To: asterisk-users at lists.digium.com
> Subject: [asterisk-users] Securing Asterisk
>
> I beg to differ. Digium is hiding from the real world and somebody is going
> take the software and run with it. My customers lost in excess of $50.000 and
> cut my pay in half, because of hackers. The hackers figured out how to scan
> every asterisk for weak passwords or open ports, and bang them real good.
> We need two things: a) disable in sip.conf the reply for INVITES that have
> wrong user information, and also, b) disable any response to any REGISTER
> packet altogether. Can somebody please write patch? Or should we go
> broke trying to stop the flood of criminals coming from abroad?
> Federico
We use fail2ban to prevent brute force password hacking. We don't allow weak passwords. This isn't rocket science.
More information about the asterisk-users
mailing list