[asterisk-users] SIP Security

--[ UxBoD ]-- uxbod at splatnix.net
Tue Jan 12 11:52:31 CST 2010


----- "Juan C. Villa" <juanqui at villafam.com> wrote:

> Hey guys,
> 
> I've been running asterisk on my server for some time now (currently
> running Asterisk 1.6.2.0). I am having security issues with my SIP
> accounts. Unauthorized people have been able to access the server
> (bots) and they have been able to make calls (in today's case to Cuba).
> 
> Here's a copy (slightly modified) of my sip.conf:
> 
> [general]
> context=default                 ; Default context for incoming calls
> videosupport=yes
> rtcachefriends=yes
> autocreatepeer=no
> t38pt_udptl=yes
> 
> allowoverlap=no                                 
> udpbindaddr=0.0.0.0 
> srvlookup=yes
> ;pedantic=yes
> 
> disallow=all
> allow=alaw
> allow=ulaw
> allow=speex
> 
> [1001]
> type=friend
> username=1001
> secret=blah
> subscribecontext=default
> regexten=1001
> callerid="blah" <XXXXXXXXXX>
> host=dynamic
> nat=yes
> canreinvite=no
> mailbox=1001@default
> registertrying=yes
> 
> [testuser]
> type=friend
> secret=blah
> callerid="blah" <XXXXXXXXX>
> host=dynamic
> nat=yes
> qualify=yes
> allowsubscribe=yes
> canreinvite=no
> context=default
> 
> 
> [testuser2]
> type=friend
> username=testuser2
> secret=
> callerid="blah" <blah>
> host=dynamic
> nat=yes
> qualify=yes
> allowsubscribe=yes
> canreinvite=no
> context=default
> 
> 
> Someone is able to connect to my server and make a call since they
> can access the default context. What should I do?
> 
> Thanks guys!


http://blogs.digium.com/2009/03/28/sip-security/
-- 
Thanks, Phil
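
An added example, not part of the original thread and not Asterisk's own tooling: a small Python audit of a sip.conf for the weaknesses visible in the quoted configuration (empty or short secrets, and peers sharing the context that [general] hands to unauthenticated callers). The 12-character threshold, the sample file and the function names are assumptions; allowguest and md5secret are standard chan_sip options that do not appear in the quoted file.

```python
# Constructed sample shaped like the sip.conf quoted above (placeholder values).
SAMPLE = """\
[general]
context=default                 ; Default context for incoming calls
[1001]
type=friend
secret=blah
[testuser2]
type=friend
secret=
context=default
"""
MIN_SECRET_LEN = 12  # assumed local policy threshold, not an Asterisk default


def parse_sip_conf(text):
    """Return {section: {key: value}}; ';' starts a comment, last key wins."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections


def audit(text):
    """Return sorted (section, finding) tuples for risky settings."""
    conf = parse_sip_conf(text)
    general = conf.get("general", {})
    guest_ctx = general.get("context", "default")  # chan_sip falls back to "default"
    findings = []
    if general.get("allowguest", "yes").lower() != "no":  # allowguest defaults to yes
        findings.append(("general", "guest calls allowed into " + guest_ctx))
    for name, opts in conf.items():
        if name == "general" or "type" not in opts:
            continue
        if "md5secret" not in opts and len(opts.get("secret", "")) < MIN_SECRET_LEN:
            findings.append((name, "short secret" if opts.get("secret") else "empty secret"))
        if opts.get("context", guest_ctx) == guest_ctx:
            findings.append((name, "shares guest context " + guest_ctx))
    return sorted(findings)


if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```

A peer with no context= line inherits the [general] context, which is why [1001] in the quoted file is reported alongside the peers that set context=default explicitly.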


