[Asterisk-Users] Can bad person with SIPp attack Asterisk ?

Kevin Walsh kevin at cursor.biz
Wed Oct 27 14:54:20 MST 2004


Robert Rozman [rozman at fri.uni-lj.si] wrote:
> sorry maybe dumb question. But could person with bad intent attack
> Asterisk PBX with SIPp tool ? 
> 
I don't know what the SIPp tool is, but there are bound to be hidden
security bugs in the Asterisk code, just waiting for someone to exploit.
To mitigate this, you must not run Asterisk as root;  Create a specific
Asterisk user and group ID, and run Asterisk using that.

Basic security precautions should be taken with all public-facing
services - not just Asterisk.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/




More information about the asterisk-users mailing list