[asterisk-users] Disallow CALLS without registry

[Frank Vanoni]

On Thu, 2017-02-09 at 14:58 +0200, Антон Сацкий wrote:


> so the main question is -- how to Disallow CALLS without registering
> on PBX

sip.conf configuration
In the [general] section, define:


[general]
...
allowguest=no
alwaysauthreject=yes
...


The "allowguest" line disables anonymous SIP calls to your PBX. Some SIP
providers connect as a guest user, however, so this may be inappropriate
for your situation. Also, if you want to accept anonymous SIP calls,
this line would block them, so you wouldn't want that. But it is listed
here because it is the safest configuration.

The "alwaysauthreject" line is important. This causes a hacker to get
the same response from your PBX when they try to guess passwords whether
or not they guessed a valid username. This also has the side-effect of
making poorly written scanning scripts (the vast majority of hacker
scripts seem to be poorly written) take less resources on your Asterisk
box, as even if they scan a valid username, they'll think it doesn't
exist.

(Source: https://www.voip-info.org/wiki/view/Asterisk+security )