[asterisk-users] Security questions

Mitesh Thakkar mail.mthakkar at gmail.com
Sun Jul 24 03:57:59 CDT 2011


Configure a firewall to allow only known IP's.

Regards,
Mitesh Thakkar
+91 94279 07952
GTalk: mail.mthakkar at gmail.com



On Sun, Jul 24, 2011 at 9:06 AM, C F <shmaltz at gmail.com> wrote:
> It's not bad but it wont prevent flooding your box with register
> attempts and spoofing a user agent is trivia at best.
>
> On Sat, Jul 23, 2011 at 9:09 PM, Flavio Miranda
> <flaviormiranda at hotmail.com> wrote:
>> Hello everybody!
>>
>>   I'd like to heard from those with more experience in Security if the
>> following configuration is a good attempt to prevent hack:
>>
>> exten => CALLER,2,Set(header=${SIP_HEADER(User-Agent)})
>> exten => CALLER,3,NoOp(Cabecalho ${header})
>> exten => CALLER,4,GotoIf($["${header}"= "My User Agent"]?6:7)
>>
>> Considering I have only one type of IP phone in my scenario.
>>
>> I know, somebody with another  IP phone will succeed in dial on my asterisk
>> but I think it will limit at one only kind of IP phone.
>>
>> My question is , if there are some way to break it and use any kind of User
>> Agent despite this configuratio.
>>
>>
>> Att,
>>
>> Flavio Roberto Miranda
>> MSN:flaviormiranda at hotmail.com
>> Skype: flaviormiranda
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>               http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



More information about the asterisk-users mailing list