[asterisk-users] Binding to 0.0.0.0 a security risk?

Raj Mathur ( राज माथुर ) raju at linux-delhi.org
Tue Feb 7 20:27:11 CST 2012


On Tuesday 07 Feb 2012, Jakob Hirsch wrote:
> Steve Edwards, 2012-02-06 01:43:
> > Unfortunately, (IIRC) Asterisk does not reply to the same interface
> > packets are received from which limits the usefulness of multiple
> > interfaces.
> 
> Right, that's what I also observed. We had to take special measures
> to handle this. The problem lies in the nature of connectionless
> protocols as UDP. We also use freeradius, which does it right by
> itself (but still needs a compile time switch "--with-udpfromto" for
> it).

Packets not going out on the same interface as the one they were 
received on is a general IP issue, not just for connectionless 
protocols.  The same behaviour can be seen with TCP too.  Unless you 
mangle with iptables or something, all information about the received 
interface has been stripped from the packet by the time it reaches the 
IP layer.
</nitpick>

Regards,

-- Raj
-- 
Raj Mathur                          || raju at kandalaya.org   || GPG:
http://otheronepercent.blogspot.com || http://kandalaya.org || CC68
It is the mind that moves           || http://schizoid.in   || D17F
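
An added example, not part of the original message and not Asterisk or freeradius code: on Linux, a UDP server bound to 0.0.0.0 can ask the kernel for the local address each datagram was sent to (the IP_PKTINFO socket option) and force its reply to leave from that same address. The function names and the 127.0.0.2 loopback service address are assumptions made for the demonstration.

```python
import socket
import struct

# Linux value of IP_PKTINFO; not every Python version exports the name.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO = struct.Struct("@i4s4s")  # struct in_pktinfo: ifindex, spec_dst, addr


def recv_with_dst(sock, bufsize=2048):
    """Return (payload, peer, local_ip); local_ip is the address the datagram was sent to."""
    data, ancdata, _flags, peer = sock.recvmsg(bufsize, socket.CMSG_SPACE(PKTINFO.size))
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, addr = PKTINFO.unpack(cdata[:PKTINFO.size])
            return data, peer, socket.inet_ntoa(addr)
    raise OSError("no IP_PKTINFO control message; is the option enabled?")


def send_from(sock, payload, peer, local_ip):
    """Send payload to peer with the source address forced to local_ip."""
    # ifindex 0 leaves the outgoing interface to the routing table.
    pktinfo = PKTINFO.pack(0, socket.inet_aton(local_ip), b"\0" * 4)
    return sock.sendmsg([payload], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, peer)


def demo(service_ip="127.0.0.2"):
    """Constructed loopback exchange; returns (local_ip, reply_source_ip, reply)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
        server.bind(("0.0.0.0", 0))  # wildcard bind, as discussed in the thread
        server.settimeout(2)
        client.settimeout(2)
        client.sendto(b"ping", (service_ip, server.getsockname()[1]))
        data, peer, local_ip = recv_with_dst(server)
        send_from(server, b"pong:" + data, peer, local_ip)
        reply, (src_ip, _src_port) = client.recvfrom(2048)
        return local_ip, src_ip, reply
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print(demo())
```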


