[asterisk-users] Is this doable?
C F
shmaltz at gmail.com
Wed Feb 8 17:21:23 CST 2012
On Wednesday, February 8, 2012, Josh <mojo1736 at privatedemail.net> wrote:
>
>> http://www.asterisk.org/astdocs/node66.html
>
> Thanks, never knew that!
>
>> Yes, I understand that it's not what you want, but that doesn't make it
a security concern. If Asterisk is publicly available on one interface,
making it available on another interface doesn't make you less secure.
>
> You lost me. What I want/don't want is largely irrelevant. The issue is,
as you rightly pointed out, whether it is considered more secure or less
secure when Asterisk binds to 0.0.0.0 as oppose to using a specific set of
interfaces, selected at startup.
I don't get this. Didnt EVERYONE know it's insecure?
>
> If one has internal networks, accessible via, say eth1 and tun0, and
implements Asterisk to act as the internal/private PBX (without exposing it
to the outside world), then having been forced to use 0.0.0.0 will, of
course, expose Asterisk to any other - undesirable - interfaces, including
those pointing to the outside world.
>
> By having the option to specify which interfaces Asterisk should use to
bind to (via multiple {udp,tcp}bind statements or by any other means)
Asterisk is *not* exposed to any undesirable interfaces and thus, the risk
is not there. I thought I have made that clear by now, obviously I haven't,
it seems.
>
>> It's fine if you want to take that step, but please drop the "everyone
knows this is a security risk" thing. You appear to be alone in that
opinion, and unable to explain why you think it's a security risk.
Moreover, you're speaking for others without warrant or welcome.
>
> If you can't see why binding to 0.0.0.0 carries greater risk than
restricting Asterisk which interfaces to use, then you are truly blind and
beyond help, I am afraid.
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20120208/14510dc3/attachment.htm>
More information about the asterisk-users
mailing list