[asterisk-users] FW: Under heavy attack
Cary Fitch
caryf at usawide.net
Tue Nov 2 11:27:57 CDT 2010
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of jon pounder
Sent: Tuesday, November 02, 2010 10:24 AM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] FW: Under heavy attack
>
> I'm still on old-fashion copper-wire and "have yet to experience the joy"
of
> SIP Trunk-"ing" and the type of issues discussed in this thread. My
thought
> to share here is that outgoing calls should be "easy" for thoroughly
> authenticated users and impossible for others...
>
> Probably more can-o-worms than help. Sorry if this is so.
>
>
>
nothing new here, this is just the digital equivalent of a wats line
with a weak access code for outbound access.
the difference is code guessing can be a lot more aggressive now, and
finding the inbound path is simpler.
==================
Each system needs to be configured according to its purpose and needs.
Simply these are phone systems, not e-mail or web servers. You may want to
be able to get mail from (almost) anywhere in the world, same for web
services.
But for a phone system you may have very different needs. One can visualize
the differences between a national or international VOIP provider, a 4
person office in Little Rock, AR, a local SIP provider in Houston, TX and an
international sales company with offices in Rome Italy.
A small sip system used with an upstream VOIP provider should be invisible
to 99.9999% of the world's population. (Excepting any other trusted peers.)
If there was a wide spread peering network and an individual system
wanted/needed to access and be accessed like email then it would be a
different world. We could all be robo-call spammed just like email. :-(
But leaving small systems open for attack from 99.9999 percent of the world
is just begging for trouble.
Cary Fitch
More information about the asterisk-users
mailing list