[asterisk-users] How to stop intruder from registering sip?
sean darcy
seandarcy2 at gmail.com
Sun Jun 13 14:41:27 CDT 2010
On 06/13/2010 02:07 AM, dotnetdub wrote:
>
> The trouble with whitelisting, or using iptables to block 5060 (in fact
> * is behind a router - 5060 is port forwarded) is that traveling
> employees wouldn't be able to register with inbound extensions. We set
> up our travelers so they can connect from wherever, and be treated as if
> they were at a local extension. That is, the employee can dial 151, or
> be dialed at his extension. He can not however dial third parties, or at
> least isn't supposed to.
>
> sean
>
>
>
> If you leave your asterisk box open to the world with passwords like
> 0000 you deserve to be hacked..
>
> Are your travelling people using softphones? If they are VPN would be a
> good idea..
>
>
Ok. Obviously we deserve all this, and I should mess around with setting
complex passwords for all my internal extensions. And I should accept
suffering as part atoning for our errors.
I was actually interested in a more prosaic question:
does deny/permit in the sip stanzas which have an outgoing context solve
my immediate problem: limiting access to sip for outgoing calls?
sean
More information about the asterisk-users
mailing list