[Asterisk-Users] TFTP Server Facing the Internet
Paul Rodan
asterisk at glitch.cc
Thu Jan 27 07:49:57 MST 2005
TFTP is inherently insecure :-) This insecurity is how I got my BroadVoice
SIP UID and Pass a long time ago before they supported Asterisk, told them
the MAC of my Cisco phone and just grabbed the config file off their tftp
server, interesting stuff.
FireWall is your only true solution but that stops the phone from being able
to be mobile.
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Michael Welter
Sent: Wednesday, January 26, 2005 11:34 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [Asterisk-Users] TFTP Server Facing the Internet
Since we're chatting about tftp servers...
Let's say I have a new customer with Cisco 79xx phones, and he desires
to SIP register on my Asterisk system. I would have to provide the
SIP<mac>.cnf and SIPDefault.cnf files on my tftp server for his phones.
These files would be world readable, which I don't want.
Is the solution to put the tftp server behind the firewall and port
redirect based on the customer's IP, or is there a better way of
restricting access?
Thanks,
Mike
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list