[asterisk-users] asterisk security....again

satish patel satish_lx at hotmail.com
Mon Feb 28 12:16:06 CST 2011


It could be possible they are not scanning your asterisk server. They are just scanning 5060 and in this case your ATA caught by scan directly that why you don't have any logs on server side. Don't you have any setting in ATA to specify allowed IP address ? 

-Satish 

From: jstapleton at computer-business.com
To: asterisk-users at lists.digium.com
Date: Mon, 28 Feb 2011 10:27:33 -0500
Subject: Re: [asterisk-users] asterisk security....again



http://sipera.com/ is one such product. From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Rizwan Hisham
Sent: Monday, February 28, 2011 9:33 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] asterisk security....again Thanks Mr. Kevin. 

Can anyone please also tell me which firewall is best suited for asterisk/sip attack prevention. Is there any firewall built specially to address sip security problems?On Mon, Feb 28, 2011 at 6:38 PM, Kevin P. Fleming <kpfleming at digium.com> wrote:On 02/28/2011 07:27 AM, Rizwan Hisham wrote:Any suggestions on encrypting the sip and rtp. I have done some googling
on it. looks like it is not supported by most end point devices or
service providers. But still your thoughts will be appreciated on this
subject. You cannot protect a remote SIP endpoint from attacks via your server; that SIP endpoint is an endpoint itself, and if it can receive IP packets from attackers, it will process them. These packets don't go through your server, and encrypting the legitimate traffic between your server and the remote endpoint isn't going to make any difference at all.

The *only* way to address attacks like this is to modify the configuration of the remote endpoint to ignore all incoming packets that aren't from your server(s). Even that is not a perfect solution, though, because the attacker (if they are actually aware of your server and customers) can spoof the IP addresses of your server(s) in order to get the remote endpoints to at least accept an INVITE (they can't place a successful call through them using spoofing though).

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kfleming at digium.com
Check us out at www.digium.com & www.asterisk.org

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
             http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
 http://lists.digium.com/mailman/listinfo/asterisk-users

-- Best RagardsRizwan QureshiVoIP/Asterisk EngineerAxvoice Inc.V: +92 (0) 3333 6767 26E: rizwanhasham at gmail.comW: www.axvoice.com 
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110228/0c0a626d/attachment.htm>


More information about the asterisk-users mailing list