[asterisk-users] Is this doable?
Gordon Messmer
yinyang at eburg.com
Wed Feb 8 00:51:48 CST 2012
On 02/07/2012 09:43 AM, Josh wrote:
>> More or less. I don't know if it's easy to trigger for specific caller
>> ID values, or for none. You might need to to a little customization,
>> but something mostly like what you describe is present.
> I am glad to see this! Which modules/functions present this
> functionality - do you know?
http://www.asterisk.org/astdocs/node66.html
>> Is there some kind of attack that you believe is possible on one
>> interface that isn't on the other? I can't conceive of any way that
>> making your service available on additional addresses increases your
>> vulnerability.
> Of course it does - by making Asterisk service available on, say eth2
> (by binding on 0.0.0.0 that is automatically enabled, i.e. Asterisk can
> receive packets coming from that interface). This is not what I want.
Yes, I understand that it's not what you want, but that doesn't make it
a security concern. If Asterisk is publicly available on one interface,
making it available on another interface doesn't make you less secure.
It's fine if you want to take that step, but please drop the "everyone
knows this is a security risk" thing. You appear to be alone in that
opinion, and unable to explain why you think it's a security risk.
Moreover, you're speaking for others without warrant or welcome.
More information about the asterisk-users
mailing list