[asterisk-users] one for your filters
Dean Hoover
dhoover at centonline.com
Wed Jun 23 12:18:24 CDT 2010
You can look at it a few different ways. Use one or more methods:
1. If you are allowing SIP phones to register from anywhere (inside and
outside your network), make sure all the extensions have VERY strong
passwords (12 characters or more of absolute jibberish).
2. Use deny/permit for those extensions that will only be registered
inside your network. Those trying from the outside will never succeed.
3. Restrict the type of calls those extensions can make. If noone
should ever call international numbers, don't put it as an option.
Using _91NXXNXXXXXX and _9NXXXXXX (Assuming US - sorry) limits the
ability of the extension. There is only one person in our organization
that would ever make international calls, so I added a context where he
is the only one that can make those calls. And, even then, I made sure
that extension can't call places where he shouldn't call (Cuba, etc) AND
that extension can't register from outside our network.
Using the default Asterisk settings is great for making sure that things
are working the way you want, but only after securing your Asterisk
server will it work the way you need.
Hope that helps. Good luck.
--
Dean Hoover
On 6/23/2010 11:08 AM, Jeff LaCoursiere wrote:
>
> Some !@$#@@# in the Czech Republic used one of our SIP accounts to place
> four thousand calls to what appears to be a toll number in Zimbabwe last
> night. Filter 82.150.165.5.
>
> A more overriding problem for me is how do we know what *destinations* to
> filter so this idea of war dialing a toll number is something we can
> cutoff before it gets to our upstream provider? Is there some collected
> list of toll prefixes that I can filter on?
>
> Cheers,
>
> j
>
More information about the asterisk-users
mailing list