[asterisk-users] Binding to 0.0.0.0 a security risk?
Josh
mojo1736 at privatedemail.net
Mon Feb 6 17:27:15 CST 2012
> Why do you see binding to 0.0.0.0 to be a security risk?
Purely because a response from Asterisk can be received as a result of a
connection on *any* interface on the system/machine. If I have Asterisk
confined to, say, 2 interfaces - eth0 (10.1.1.1) and eth1 (10.2.1.1)
then a request over a third/subsequent interface cannot be served - it
is not normally possible.
When Asterisk binds to 0.0.0.0 that is not the case and request over a
third/subsequent interface *can* be served by Asterisk (provided the
routing is setup properly, that is).
> If you only have 1 interface, what's the difference?
I don't as evident from my initial post.
> If you have 2 interfaces, just bind to one or the other.
I don't - see above.
> If you have 3 or more interfaces (or you need to just bind to some
> subset), you should have the skills to configure 'iptables.'
I do, but that is not the point - do you rely on microsoft for the
security of your own desktop system (if you have one running windows
that is) or do you take it into your own hands and make sure it is
properly implemented? I don't know about you, but I am firmly in the
latter category.
> Unfortunately, (IIRC) Asterisk does not reply to the same interface
> packets are received from which limits the usefulness of multiple
> interfaces.
What do you mean by that? If a request is received over eht1 are you
saying that Asterisk does not respond over the same interface?!
More information about the asterisk-users
mailing list