On Fri, 11 Jun 2010, Fred Posner wrote: > On Jun 11, 2010, at 5:55 PM, sean darcy wrote: > >> This is a small 12 line system, internal extensions 150 - 180. I didn't >> have a phone on 151. Here's the sip.conf stanza: --snip-- There's no >> DISA. And then somehow (how???) ip address 79.117.17.247 becomes >> extension 151 and starts making calls to West Africa. >> >> Now contactdeny and contactpermit over solve the problem. For instance, >> I can't register with my voip provider. I don't care about peers who I >> make calls to, or receive calls from. I'm just stunned someone can >> become a peer and make calls themselves. >> >> How do I fix this in some reasonable way. >> >> sean > > What is the default context in sip.conf? Does it allow outbound calls? > > Do you have autocreatepeer=no?
You should make all your externally facing services as secure as possible. http://nerdvittles.com/?p=684 may give you some Asterisk specific tips. Then, add another layer of security -- sift through all of the class A address assignments at arin.net* and block all that make sense for you at your border router. For me, I blocked all of the class As assigned to afrinic, apnic, jnic, lacnic, and ripe. Hacking attempts (SMTP, SSH, and SIP) just about evaporated. On a small email/ssh/sip server I drop about 1,500,000 packets a week. *) Or download my list at http://www.sedwards.com/class-a-block-list -- assuming you're not already on the list :) -- Thanks in advance, ------------------------------------------------------------------------- Steve Edwards [email protected] Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
