> Hey, > > We are running asterisk on the internet, allowing sip phones > at customers locations/laptops etc login and use the calls. > Just make sure to disallow sip users/peers without valid > user/secret in the extensions.conf > (something like this in sip.conf) > [general] > context = sip-default > (and in extensions.conf) > [sip-default] > exten => s,1,Hangup()
So this trick allows an anonymous connection onto the * and next it closes the connection (Hangup). Isn't it possible to make Asterisk completely reject a connection if no credentials can be accepted? (Is Hangup() technically the same considering Asterisk uses UDP for SIP?) > If you dont trust and fear someone is sniffing your udp > packets that hold user/secret, you can always setup openvpn > (or whatever vpn solution) and use that to connect first and > tunnel your sip traffic through it Yep, this is an other problem. I might after all allow connections from unrecognized sip phones go to my operator (mabe they're clients!), but sending "clear text" passwords over udp packets is not nice at all. As with other things in life, I don't think anyone's actually actively tracking my moves and trying to hack into my network, but I am afraid of "IT hooligans" detecting my UDP packet on it's way from my home to my office and hacking it just to prove it's possible. Trying to find my own way through this maze I came across this page: http://www.voip-info.org/wiki-SIP+Authentication ...and I ask: What kind of authentication does Asterisk provide with SIP? Is it digest or basic? If it's digest - it's fine with me. If it's basic - I'll have to set up some more "barriers" for calls coming over the public network (like asking for a password from the IVR, before allowing any kind of outgoing calls). I will not be using any kind of VPN because of the extra bandwidth required. > -- > Michiel van Baak > http://michiel.vanbaak.info > [EMAIL PROTECTED] > GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7E0B9A2D > > "Why is it drug addicts and computer afficionados are both called users?" > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
