I guess you don't want people to be able to call you via an enum gateway then...
The problem isn't in accepting anonymous/"guest" calls... The problem is not having them properly contained so that they can only route where you want them to route to.

Also you must use some sane username/password policies for your SIP credentials... Using exten 1000 w/ a password of 1000, or password or 1234 or something equally silly is asking to get hacked...

Remember, always treat the passwords for SIP the same as you would any other passwords: make them long and complex... Sure someone could brute force them but it's a lot harder to brute force a 10 character password that uses mixed case alphas, numerics and punctuation symbols.

> From: Matt Riddell <[email protected]>
> Reply-To: Commercial and Business-Oriented Asterisk Discussion
> <[email protected]>
> Date: Tue, 08 Sep 2009 16:23:51 +1200
> To: Commercial and Business-Oriented Asterisk Discussion
> <[email protected]>
> Subject: Re: [asterisk-biz] Hacker's attack on Asterisk
>
> On 8/09/09 4:09 PM, Alex Balashov wrote:
>> Never, ever accept anonymous/"guest" calls. For any reason. Ever.
>> Doesn't matter what the reason is. Just don't.
>
> Honeypot?
>
> --
> Cheers,
>
> Matt Riddell
> Director
> _______________________________________________
>
> http://www.venturevoip.com/news.php (Daily Asterisk News)
> http://www.venturevoip.com/st.php (SmoothTorque Predictive Dialer)
> http://www.venturevoip.com/c3.php (ConduIT3 PABX Systems)
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
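
The two points in the reply above (keep guest calls contained, and use long, complex SIP secrets) can be checked mechanically. The following is an added example, not part of the original thread: a small auditor for a chan_sip-style `sip.conf`. The sample config, the `COMMON` word list and the context name `guest-only` are constructed assumptions.

```python
import configparser
import string

# Constructed sample sip.conf (chan_sip syntax); not taken from the thread.
SAMPLE_SIP_CONF = """
[general]
allowguest=yes
context=default
[1000]
secret=1000
context=internal
[1001]
secret=password
context=internal
[1002]
secret=kT7#vQ9!xLp2
context=internal
"""
COMMON = {"password", "1234", "12345", "secret", "asterisk"}  # illustrative list
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def weak_secret(user, secret, min_len=10):
    """Return the reasons a SIP secret fails the policy described in the post."""
    reasons = []
    if secret == user:
        reasons.append("secret equals extension")
    if secret.lower() in COMMON:
        reasons.append("common password")
    if len(secret) < min_len:
        reasons.append(f"shorter than {min_len} characters")
    if not all(any(ch in cls for ch in secret) for cls in CLASSES):
        reasons.append("missing mixed case, digits or punctuation")
    return reasons

def audit(conf_text, guest_context="guest-only"):
    """Map section name -> findings. guest_context is a hypothetical name for
    the restricted dialplan context that unauthenticated calls should land in."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   comment_prefixes=(";",), inline_comment_prefixes=(";",))
    cp.read_string(conf_text)
    findings = {}
    gen = cp["general"] if cp.has_section("general") else {}
    # Assumed chan_sip defaults: allowguest=yes, context=default.
    ctx = gen.get("context", "default")
    if gen.get("allowguest", "yes").lower() != "no" and ctx != guest_context:
        findings["general"] = [f"guest calls land in context '{ctx}'"]
    for name in cp.sections():
        if name != "general" and cp.has_option(name, "secret"):
            if (r := weak_secret(name, cp.get(name, "secret"))):
                findings[name] = r
    return findings
```

Files that use `#include` directives need those lines expanded or removed before parsing, since `configparser` does not understand them.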
