[asterisk-users] Asterisk Security

Martin asterisklist at callthem.info
Sat Apr 4 21:20:02 CDT 2009


Lets not be that paranoid. If you have these ports open to the internet then
from time to time someone will check if your default unsecured context
can dial out to PSTN...

with sip.conf you can add

allowguest=no

With IAX2 there's no allowguest but I believe you have to have a guest
username in iax.conf with no password to access
the unsecured context.

Martin

On Sat, Apr 4, 2009 at 3:42 PM, Todd Reese <treese65 at gmail.com> wrote:
> Hi All,
>
> Coming in to day, the logs on the asterisk server showed several entries
> such as:
>
> [Apr  4 15:25:16] NOTICE[9280]: chan_sip.c:14627 handle_request_invite:
> Call from '' to extension '9810380487965419' rejected because extension
> not found.
>
> This has gotten me to thinking about security of this box.
>
> 1. Currently the box sits behind a firewall with iax and sip ports
> pointing to it for the ip phones that are offsite.  There isn't any
> other access through the firewall to this box.
> 2. All devices have an extension assigned to them in sip.conf and
> extensions.conf.  i.e. supra ATA, Grandstream GXP-2000
> 3. The box is fed via Les.net and Voicepluse.  All other feeds are
> shutoff when not active.
>
> I'm looking for ideas to tighten up on the security so that this won't
> happen again.
>
> TIA,
>
> Todd Reese
>
>
>
>
>
>
>
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



More information about the asterisk-users mailing list