On Thu, Jun 12, 2008 at 04:23:46AM -0400, Mark Adams wrote: > My situation seems unique because I am not using a router even at this > point. I was given a sheet of ip addresses and was told just to provision by > devices with the given ip's and they would handle the rest. My devices are > hooked directly to their switch in my location. > > This hasn't been an issue up until now because I only had analog (mediatrix > and audiocodes 24 port gateways x 4) connected to the switch. Now I am going > to a software based dialer (i.e. asterisk/ vicidial) and have run into these > problems.
This is one of the reasons why VoIP/Internet can be problematic: even if you have a firewall, you're required to expose your SIP or IAX ports to the net at large, whether through a firewall, or some sort of proxy -- which means you're at the mercy of people finding exploits in Asterisk that they can use to pwn your machine. Probably the only *really* good approach to this is the one we use here at Vici: don't let SIP and IAX out of the building. All of our PSTN connections are via traditional T-1 trunking to IXCs, and all of our agents are inside the building as well, on T-1/Zap/DAHDI channelbanks. If I ever do have to put people outside the building, I'll put them on secure VPNs, and the same if I have to trunk to commercial VoIP carriers. At the very least in this latter case, I'll IP lock the incoming connection, if I can't find a carrier that will do VoIP/VPN/Internet. Cheers, -- jra -- Jay R. Ashworth Baylink [EMAIL PROTECTED] Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin) _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
