[asterisk-users] Securing Asterisk
Paul Belanger
pabelanger at digium.com
Sat Jul 23 13:10:08 CDT 2011
On 11-07-23 01:38 PM, CDR wrote:
> I beg to differ. Digium is hiding from the real world and somebody is
> going to take the software and run with it. My customers lost in excess
> of $50.000 and cut my pay in half, because of hackers. The hackers
> figured out how to scan every asterisk for weak passwords or open
> ports, and bang them real good. We need two things: a) disable in
> sip.conf the reply for INVITES that have wrong user information, and
> also, b) disable any response to any REGISTER packet altogether. Can
> somebody please write a patch? Or should we go broke trying to stop the
> flood of criminals coming from abroad?
> Federico
>
I'm not sure I understand your statement. Because your customer was
hacked for $50,000 and your pay was cut in half, it is a result of
Digium (or the Asterisk project) 'hiding from the real world'?
Your previous point aside, may I ask how your client solved the problem?
I'm assuming they are still operating an Asterisk box without the
patches you have requested.
--
Paul Belanger
Digium, Inc. | Software Developer
twitter: pabelanger | IRC: pabelanger (Freenode)
Check us out at: http://digium.com & http://asterisk.org