[asterisk-users] asterisk security....again

Rizwan Hisham rizwanhasham at gmail.com
Mon Feb 28 08:33:28 CST 2011


Thanks Mr. Kevin.

Can anyone please also tell me which firewall is best suited for
asterisk/sip attack prevention. Is there any firewall built specially to
address sip security problems?

On Mon, Feb 28, 2011 at 6:38 PM, Kevin P. Fleming <kpfleming at digium.com>wrote:

> On 02/28/2011 07:27 AM, Rizwan Hisham wrote:
>
>> Any suggestions on encrypting the sip and rtp. I have done some googling
>> on it. looks like it is not supported by most end point devices or
>> service providers. But still your thoughts will be appreciated on this
>> subject.
>>
>
> You cannot protect a remote SIP endpoint from attacks via your server; that
> SIP endpoint is an endpoint itself, and if it can receive IP packets from
> attackers, it will process them. These packets don't go through your server,
> and encrypting the legitimate traffic between your server and the remote
> endpoint isn't going to make any difference at all.
>
> The *only* way to address attacks like this is to modify the configuration
> of the remote endpoint to ignore all incoming packets that aren't from your
> server(s). Even that is not a perfect solution, though, because the attacker
> (if they are actually aware of your server and customers) can spoof the IP
> addresses of your server(s) in order to get the remote endpoints to at least
> accept an INVITE (they can't place a successful call through them using
> spoofing though).
>
> --
> Kevin P. Fleming
> Digium, Inc. | Director of Software Technologies
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> skype: kpfleming | jabber: kfleming at digium.com
> Check us out at www.digium.com & www.asterisk.org
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>              http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>  http://lists.digium.com/mailman/listinfo/asterisk-users
>



-- 
Best Ragards
Rizwan Qureshi
VoIP/Asterisk Engineer
Axvoice Inc.
V: +92 (0) 3333 6767 26
E: rizwanhasham at gmail.com
W: www.axvoice.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110228/549e2303/attachment.htm>


More information about the asterisk-users mailing list