----- "Juan C. Villa" <juan...@villafam.com> wrote: > Hey guys, > > I've been running asterisk on my server for some time now (currently > running Asterisk 1.6.2.0). I am having security issues with my SIP > accounts. Unauthorized people have been able to access the server > (bots) > and they have been able to make calls (in today's case to Cuba). > > Here's a copy (slightly modified) of my sip.conf: > > [general] > context=default ; Default context for incoming calls > videosupport=yes > rtcachefriends=yes > autocreatepeer=no > t38pt_udptl=yes > > allowoverlap=no > udpbindaddr=0.0.0.0 > srvlookup=yes > ;pedantic=yes > > disallow=all > allow=alaw > allow=ulaw > allow=speex > > [1001] > type=friend > username=1001 > secret=blah > subscribecontext=default > regexten=1001 > callerid="blah" <XXXXXXXXXX> > host=dynamic > nat=yes > canreinvite=no > mailbox=1...@default > registertrying=yes > > [testuser] > type=friend > secret=blah > callerid="blah" <XXXXXXXXX> > host=dynamic > nat=yes > qualify=yes > allowsubscribe=yes > canreinvite=no > context=default > > > [testuser2] > type=friend > username=testuser2 > secret= > callerid="blah" <blah> > host=dynamic > nat=yes > qualify=yes > allowsubscribe=yes > canreinvite=no > context=default > > > Someone is able to connect to my server and make a call since they > can > access the default context. What should I do? > > Thanks guys! > > http://lists.digium.com/mailman/listinfo/asterisk-users
http://blogs.digium.com/2009/03/28/sip-security/ -- Thanks, Phil -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users