[asterisk-users] Binding to 0.0.0.0 a security risk?

[C F]

While usually thread hijacking is not something that should be done,
in this case thank you for hijacking it as the OP on his original
topic was way off topic.
First for the OPs original question. Everything with IP routing up to
layer 4 is handled by linux not by asterisk. However, sip might have
some signaling and/or headers that include an IP address on something
higher than layer 3 which is where asterisk comes in play.
Asterisk can quite nicely deal with NAT provided you set it up right.
That said the answer to your question is it doable? yes it is. Next
time do lots of hands on and you'll see for yourself.
The reason I see this as off topic is because it was mainly routing
questions you had which is linux and not asterisk.


On Sun, Feb 5, 2012 at 7:43 PM, Steve Edwards <asterisk.org at sedwards.com> wrote:
> On Sun, 5 Feb 2012, Josh wrote:
>
>> I am a bit baffled though - Asterisk has existed for quite a while now and
>> I am not sure why this wasn't implemented sooner - everyone knows that using
>> 0.0.0.0 is a security risk.

Everyone knows? Not me. From Steves post I understand that neither
does he know. Do you mind explaining this?


>
>
> Why do you see binding to 0.0.0.0 to be a security risk?
>
> If you only have 1 interface, what's the difference?
>
> If you have 2 interfaces, just bind to one or the other.
>
> If you have 3 or more interfaces (or you need to just bind to some subset),
> you should have the skills to configure 'iptables.'
>
> Unfortunately, (IIRC) Asterisk does not reply to the same interface packets
> are received from which limits the usefulness of multiple interfaces.