[asterisk-users] Under heavy attack
jon pounder
jonp at inline.net
Sun Oct 31 11:04:52 CDT 2010
On 10/31/2010 11:39 AM, Mark Deneen wrote:
> On Sun, Oct 31, 2010 at 11:26 AM, Joel Maslak<jmaslak at antelope.net> wrote:
>
>> If these are mobile users, I hope they never use any public networks
>> (hotels, starbucks) where other subscribers can do things like ARP attacks
>> to do MITM (and steal your calls; it might not be happening today, but it
>> will be happening soon - as the social networking attacks demonstrate). If
>> you do have truly roaming users, I hope you use HTTPS (with validation of
>> certs turned on) or a VPN (likely not an option of connecting to an ADSL
>> site, due to bandwidth concerns).
>>
> Can you explain why VPN is not an option for ADSL? (Open)VPN overhead
> is not that high. ~70 bytes per packet if I remember correctly.
>
> -M
>
>
We're not using it for calls but do have a huge openvpn infrastructure
connecting wifi access controllers and there is not a ton of overhead at
all, and it runs on endpoints with very limited resources. What might
need lots of tweaking is how the sip packets get converted to vpn
packets and transmitted, since there could be a lot of fragmenting and
reassembly. If phones came with it built in, the manufacturer would
presumably have figured this all out for them. PPTP is another option
thats widely supported but I don't have much personal experience with it.
More information about the asterisk-users
mailing list