[asterisk-users] SIP Security

Juan C. Villa juanqui at villafam.com
Tue Jan 12 11:43:18 CST 2010


Hey guys,

I've been running asterisk on my server for some time now (currently
running Asterisk 1.6.2.0). I am having security issues with my SIP
accounts. Unauthorized people have been able to access the server (bots)
and they have been able to make calls (in today's case to Cuba).

Here's a copy (slightly modified) of my sip.conf:

[general]
context=default                 ; Default context for incoming calls
videosupport=yes
rtcachefriends=yes
autocreatepeer=no
t38pt_udptl=yes

allowoverlap=no                                 
udpbindaddr=0.0.0.0 
srvlookup=yes
;pedantic=yes

disallow=all
allow=alaw
allow=ulaw
allow=speex

[1001]
type=friend
username=1001
secret=blah
subscribecontext=default
regexten=1001
callerid="blah" <XXXXXXXXXX>
host=dynamic
nat=yes
canreinvite=no
mailbox=1001 at default
registertrying=yes

[testuser]
type=friend
secret=blah
callerid="blah" <XXXXXXXXX>
host=dynamic
nat=yes
qualify=yes
allowsubscribe=yes
canreinvite=no
context=default


[testuser2]
type=friend
username=testuser2
secret=
callerid="blah" <blah>
host=dynamic
nat=yes
qualify=yes
allowsubscribe=yes
canreinvite=no
context=default


Someone is able to connect to my server and make a call since they can
access the default context. What should I do?

Thanks guys!








More information about the asterisk-users mailing list