At least in the past Asterisk by default allows guest calls. I recommend the following:
Put context=INVALID in [general] There's nothing special about the name, it just reminds me why I put it in there. If you want you can put a [INVALID] section of extensions.conf to catch unauthenticated calls. If you don't do this the call will just be rejected. As the LAST entry in iax.conf put [guest] with context=INVALID. I've not used IAX in a while, but for a long time any unauthenticated calls would match the last entry in iax.conf. Rehan Ahmed Allahwala wrote: > We have a customer who is facing this problem. > > There gateway asterisk to the termination side is being attacked by the > hacker. > > The gateway asterisk is using ip based authentication, and also iax user > name and password. > > The hacker is somehow able to send out the call out via the gateway > asterisk, faking the ip address. > > The FULL log does not show any trace of the call or the number which is > being called in the NODE Asterisk of which ip is being used, however the > log of the GATEWAY Asterisk shows that the call was made from the IP of > the NODE asterisk. > > Any suggestions, what they can use to do a further authentication for > this particular customer ? > > Rehan > > > > ------------------------------------------------------------------------ > > _______________________________________________ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > AstriCon 2009 - October 13 - 15 Phoenix, Arizona > Register Now: http://www.astricon.net > > asterisk-biz mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-biz _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
