[asterisk-users] Binding to 0.0.0.0 a security risk?
Raj Mathur ( राज माथुर )
raju at linux-delhi.org
Tue Feb 7 20:27:11 CST 2012
On Tuesday 07 Feb 2012, Jakob Hirsch wrote:
> Steve Edwards, 2012-02-06 01:43:
> > Unfortunately, (IIRC) Asterisk does not reply to the same interface
> > packets are received from which limits the usefulness of multiple
> > interfaces.
>
> Right, that's what I also observed. We had to take special measures
> to handle this. The problem lies in the nature of connectionless
> protocols as UDP. We also use freeradius, which does it right by
> itself (but still needs a compile time switch "--with-udpfromto" for
> it).
Packets not going out on the same interface as the one they were
received on is a general IP issue, not just for connectionless
protocols. The same behaviour can be seen with TCP too. Unless you
mangle with iptables or something, all information about the received
interface has been stripped from the packet by the time it reaches the
IP layer.
</nitpick>
Regards,
-- Raj
--
Raj Mathur || raju at kandalaya.org || GPG:
http://otheronepercent.blogspot.com || http://kandalaya.org || CC68
It is the mind that moves || http://schizoid.in || D17F
More information about the asterisk-users
mailing list