<br><br>On Wednesday, February 8, 2012, Josh <<a href="mailto:mojo1736@privatedemail.net">mojo1736@privatedemail.net</a>> wrote:<br>><br>>> <a href="http://www.asterisk.org/astdocs/node66.html">http://www.asterisk.org/astdocs/node66.html</a><br>
><br>> Thanks, never knew that!<br>><br>>> Yes, I understand that it's not what you want, but that doesn't make it a security concern. If Asterisk is publicly available on one interface, making it available on another interface doesn't make you less secure.<br>
><br>> You lost me. What I want/don't want is largely irrelevant. The issue is, as you rightly pointed out, whether it is considered more secure or less secure when Asterisk binds to 0.0.0.0 as oppose to using a specific set of interfaces, selected at startup.<br>
<br>I don't get this. Didnt EVERYONE know it's insecure?<br><br>><br>> If one has internal networks, accessible via, say eth1 and tun0, and implements Asterisk to act as the internal/private PBX (without exposing it to the outside world), then having been forced to use 0.0.0.0 will, of course, expose Asterisk to any other - undesirable - interfaces, including those pointing to the outside world.<br>
><br>> By having the option to specify which interfaces Asterisk should use to bind to (via multiple {udp,tcp}bind statements or by any other means) Asterisk is *not* exposed to any undesirable interfaces and thus, the risk is not there. I thought I have made that clear by now, obviously I haven't, it seems.<br>
><br>>> It's fine if you want to take that step, but please drop the "everyone knows this is a security risk" thing. You appear to be alone in that opinion, and unable to explain why you think it's a security risk. Moreover, you're speaking for others without warrant or welcome.<br>
><br>> If you can't see why binding to 0.0.0.0 carries greater risk than restricting Asterisk which interfaces to use, then you are truly blind and beyond help, I am afraid.<br>><br>><br>> --<br>> _____________________________________________________________________<br>
> -- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com">http://www.api-digital.com</a> --<br>> New to Asterisk? Join us for a live introductory webinar every Thurs:<br>> <a href="http://www.asterisk.org/hello">http://www.asterisk.org/hello</a><br>
><br>> asterisk-users mailing list<br>> To UNSUBSCRIBE or update options visit:<br>> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
>