[asterisk-users] Security questions

C F shmaltz at gmail.com
Sat Jul 23 22:36:43 CDT 2011


It's not bad but it wont prevent flooding your box with register
attempts and spoofing a user agent is trivia at best.

On Sat, Jul 23, 2011 at 9:09 PM, Flavio Miranda
<flaviormiranda at hotmail.com> wrote:
> Hello everybody!
>
>   I'd like to heard from those with more experience in Security if the
> following configuration is a good attempt to prevent hack:
>
> exten => CALLER,2,Set(header=${SIP_HEADER(User-Agent)})
> exten => CALLER,3,NoOp(Cabecalho ${header})
> exten => CALLER,4,GotoIf($["${header}"= "My User Agent"]?6:7)
>
> Considering I have only one type of IP phone in my scenario.
>
> I know, somebody with another  IP phone will succeed in dial on my asterisk
> but I think it will limit at one only kind of IP phone.
>
> My question is , if there are some way to break it and use any kind of User
> Agent despite this configuratio.
>
>
> Att,
>
> Flavio Roberto Miranda
> MSN:flaviormiranda at hotmail.com
> Skype: flaviormiranda
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



More information about the asterisk-users mailing list