[asterisk-users] Binding to 0.0.0.0 a security risk?

Josh mojo1736 at privatedemail.net
Mon Feb 6 17:27:15 CST 2012


> Why do you see binding to 0.0.0.0 to be a security risk?
Purely because a response from Asterisk can be received as a result of a 
connection on *any* interface on the system/machine. If I have Asterisk 
confined to, say, 2 interfaces - eth0 (10.1.1.1) and eth1 (10.2.1.1) 
then a request over a third/subsequent interface cannot be served - it 
is not normally possible.

When Asterisk binds to 0.0.0.0 that is not the case and a request over a 
third/subsequent interface *can* be served by Asterisk (provided the 
routing is set up properly, that is).

> If you only have 1 interface, what's the difference?
I don't as evident from my initial post.

> If you have 2 interfaces, just bind to one or the other.
I don't - see above.

> If you have 3 or more interfaces (or you need to just bind to some 
> subset), you should have the skills to configure 'iptables.'
I do, but that is not the point - do you rely on Microsoft for the 
security of your own desktop system (if you have one running Windows, 
that is) or do you take it into your own hands and make sure it is 
properly implemented? I don't know about you, but I am firmly in the 
latter category.

> Unfortunately, (IIRC) Asterisk does not reply to the same interface 
> packets are received from which limits the usefulness of multiple 
> interfaces.
What do you mean by that? If a request is received over eth1 are you 
saying that Asterisk does not respond over the same interface?!
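As an added, defender-side illustration that is not part of this thread, the following Python script parses `ss -lntu` output and reports every socket bound to all interfaces (0.0.0.0 or ::) rather than a specific address, plus which addresses a given port such as SIP 5060 is bound to; the sample output below is constructed, not taken from a real host.

```python
"""Audit listening sockets for wildcard (0.0.0.0 / ::) binds.

Parses the output of `ss -lntu` (Linux) and reports every socket that is
bound to all interfaces instead of a specific address.  Run it on a real
host with:  ss -lntu | python3 audit_binds.py
"""
import sys

# Addresses that mean "every interface" in ss output.
WILDCARDS = {"0.0.0.0", "::", "*"}

# Constructed sample in the format printed by `ss -lntu`; not real output.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:5060       0.0.0.0:*
udp   UNCONN 0      0      10.1.1.1:4569      0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5038     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
udp   UNCONN 0      0      10.2.1.1:5060      0.0.0.0:*
"""


def split_local(local):
    """Split 'addr:port' (IPv6 written as '[addr]:port') into (addr, port)."""
    addr, _, port = local.rpartition(":")
    return addr.strip("[]"), (int(port) if port.isdigit() else port)


def parse_ss(text):
    """Yield (proto, addr, port) for each socket line in ss output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "Netid":  # skip header / blanks
            continue
        addr, port = split_local(fields[4])  # column 5 is Local Address:Port
        yield fields[0], addr, port


def wildcard_listeners(text):
    """Sockets reachable on every interface, i.e. bound to 0.0.0.0 or ::."""
    return [s for s in parse_ss(text) if s[1] in WILDCARDS]


def binds_for_port(text, port):
    """Addresses a given port is bound to (e.g. 5060 for SIP)."""
    return [addr for _, addr, p in parse_ss(text) if p == port]


if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for proto, addr, port in wildcard_listeners(data):
        print(f"{proto} port {port} is bound to all interfaces ({addr})")
```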
