[asterisk-users] Securing Asterisk

Matthew J. Roth mroth at imminc.com
Wed Jul 27 12:35:41 CDT 2011


CDR wrote:
> 
> The point is that a minor change in the code would have a dramatic
> effect on security, and carry a lower impact on CPU that using
> Iptables. The simplicity of the change cannot understated.


You're in luck.  Since Asterisk is open source, you can make the
unbelievably simple change yourself.  If you make it configurable and
default it to "no" (so as not to break backwards compatibility, not to
mention RFC compliance), it may even get accepted into Asterisk so
that you won't have to maintain your own patchset.

This feature would actually be a bit like "alwaysauthreject" in that
it breaks RFC compliance for the sake of security, so it's not a
completely lost cause.  However, pining away on a mailing list about
how simple the work would be instead of doing it yourself is.

Regards,

Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer



More information about the asterisk-users mailing list