[asterisk-users] Asterisk Security: Allow only one phone per sip registration

Muro, Sam research at businesstz.com
Fri Oct 14 02:02:01 CDT 2011


Hi there

Consider this. You have three SIP extension 200, 201 and 202 and you have
configured your phones, say Polycom 331 to those accounts. 200 being one
very sensitive individual.

Lets say, an insider, get a new phone or perhaps an xlite and configure it
with the same extension, 200. Asterisk will register it as 200 to the new
IP address.  Now extension 202 call 200. The hacker answers it and pretend
is the same person. Do what he want to do and thats it.

Question;
How can i stop this type of threat

Regads
Peter



More information about the asterisk-users mailing list