Elliot, by any chance do you recollect your subject line of post or date range of this issue (month year) helps searching the archive a lot faster n better.
Thanks & Regards, Mitul Limbani, Founder & CEO, Enterux Solutions Pvt. Ltd., The Enterprise Linux Company (r), http://www.enterux.com http://www.entVoice.com On 05-Sep-2009, at 12:55 AM, Elliot Otchet <[email protected] > wrote: > Rehan, > > Search the archive, I posted a method for this a few months back. > It works well for sip at blocking ip's of people in the guest cotext > who dial invalid extensions. > > Regards, > > Elliot > > Pardon the typos, my Blackberry has small buttons. > Elliot Otchet > Calling Circles LLC > > ----- Original Message ----- > From: [email protected] > <[email protected] > > > To: Commercial and Business-Oriented Asterisk Discussion > <[email protected] > > > Sent: Fri Sep 04 12:44:39 2009 > Subject: Re: [asterisk-biz] A hacker attack on asterisk > > At least in the past Asterisk by default allows guest calls. I > recommend the following: > > Put context=INVALID in [general] There's nothing special about the > name, it just reminds me why I put it in there. If you want you can > put > a [INVALID] section of extensions.conf to catch unauthenticated calls. > If you don't do this the call will just be rejected. > > As the LAST entry in iax.conf put [guest] with context=INVALID. I've > not used IAX in a while, but for a long time any unauthenticated calls > would match the last entry in iax.conf. > > Rehan Ahmed Allahwala wrote: >> We have a customer who is facing this problem. >> >> There gateway asterisk to the termination side is being attacked by >> the >> hacker. >> >> The gateway asterisk is using ip based authentication, and also iax >> user >> name and password. >> >> The hacker is somehow able to send out the call out via the gateway >> asterisk, faking the ip address. >> >> The FULL log does not show any trace of the call or the number >> which is >> being called in the NODE Asterisk of which ip is being used, >> however the >> log of the GATEWAY Asterisk shows that the call was made from the >> IP of >> the NODE asterisk. >> >> Any suggestions, what they can use to do a further authentication for >> this particular customer ? >> >> Rehan >> >> >> >> --- >> --------------------------------------------------------------------- >> >> _______________________________________________ >> --Bandwidth and Colocation Provided by http://www.api-digital.com-- >> >> AstriCon 2009 - October 13 - 15 Phoenix, Arizona >> Register Now: http://www.astricon.net >> >> asterisk-biz mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-biz > > _______________________________________________ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > AstriCon 2009 - October 13 - 15 Phoenix, Arizona > Register Now: http://www.astricon.net > > asterisk-biz mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-biz > > This message is intended only for the use of the individual (s) or > entity to which it is addressed and may contain information that is > privileged, confidential, and/or proprietary to Calling Circles LLC > and its affiliates. If the reader of this message is not the > intended recipient, you are hereby notified that any dissemination, > distribution, forwarding or copying of this communication is > prohibited without the express permission of the sender. If you have > received this communication in error, please notify the sender > immediately and delete the original message. > _______________________________________________ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > AstriCon 2009 - October 13 - 15 Phoenix, Arizona > Register Now: http://www.astricon.net > > asterisk-biz mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-biz _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
