[asterisk-users] Securing Asterisk

Cary Fitch caryf at usawide.net
Wed Jul 27 12:44:42 CDT 2011


CDR wrote:
> 
> The point is that a minor change in the code would have a dramatic
> effect on security, and carry a lower impact on CPU that using
> Iptables. The simplicity of the change cannot understated.


You're in luck.  Since Asterisk is open source, you can make the
unbelievably simple change yourself.  If you make it configurable and
default it to "no" (so as not to break backwards compatibility, not to
mention RFC compliance), it may even get accepted into Asterisk so
that you won't have to maintain your own patchset.

This feature would actually be a bit like "alwaysauthreject" in that
it breaks RFC compliance for the sake of security, so it's not a
completely lost cause.  However, pining away on a mailing list about
how simple the work would be instead of doing it yourself is.

Regards,

Matthew Roth

=============
And, I suspect someone somewhere would do it for a $25 bounty, and the
original poster could save $50,000 in telecom billings and email time.

:-)
CF




More information about the asterisk-users mailing list