On Fri, 11 Jun 2010, Fred Posner wrote:

> On Jun 11, 2010, at 5:55 PM, sean darcy wrote:
>
>> This is a small 12 line system, internal extensions 150 - 180. I didn't 
>> have a phone on 151. Here's the sip.conf stanza: --snip-- There's no 
>> DISA. And then somehow (how???) ip address 79.117.17.247 becomes 
>> extension 151 and starts making calls to West Africa.
>>
>> Now contactdeny and contactpermit over-solve the problem. For instance, 
>> I can't register with my voip provider. I don't care about peers who I 
>> make calls to, or receive calls from. I'm just stunned someone can 
>> become a peer and make calls themselves.
>>
>> How do I fix this in some reasonable way?
>>
>> sean
>
> What is the default context in sip.conf? Does it allow outbound calls?
>
> Do you have autocreatepeer=no?

You should make all your externally facing services as secure as possible. 
http://nerdvittles.com/?p=684 may give you some Asterisk-specific tips.

Then, add another layer of security -- sift through all of the class A 
address assignments at arin.net* and block all that make sense for you at 
your border router. For me, I blocked all of the class As assigned to 
afrinic, apnic, jnic, lacnic, and ripe.

Hacking attempts (SMTP, SSH, and SIP) just about evaporated. On a small 
email/ssh/sip server I drop about 1,500,000 packets a week.

*) Or download my list at http://www.sedwards.com/class-a-block-list
  -- assuming you're not already on the list :)

-- 
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       [email protected]      Voice: +1-760-468-3867 PST
Newline                                              Fax: +1-760-731-3000
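
The following is an added example, not part of the original message and not the poster's block list: it shows how a coarse /8 block list can coexist with a narrow exception for a trusted peer, so that blocking does not also cut off the VoIP provider. The prefixes, the provider address (a documentation-range address) and the use of iptables on a Linux border host are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. 79.0.0.0/8 is included only because it contains the
# source address quoted in the thread; it is not taken from the poster's list.
BLOCKED = ["79.0.0.0/8", "203.0.0.0/8"]
ALLOWED = ["203.0.113.10/32"]  # hypothetical VoIP provider (documentation range)


def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def verdict(src, blocked=BLOCKED, allowed=ALLOWED):
    """First-match decision: the allow list is consulted before the block list."""
    addr = ipaddress.ip_address(src)
    if any(addr in n for n in _nets(allowed)):
        return "ACCEPT"
    if any(addr in n for n in _nets(blocked)):
        return "DROP"
    return "PASS"  # falls through to whatever other rules exist


def shadowed_allows(blocked=BLOCKED, allowed=ALLOWED):
    """Allow entries inside a blocked prefix; these break if ordered after the DROP."""
    return [str(a) for a in _nets(allowed)
            if any(a.subnet_of(b) for b in _nets(blocked))]


def iptables_rules(blocked=BLOCKED, allowed=ALLOWED, chain="INPUT"):
    """Emit ACCEPT rules first, then DROP rules, matching verdict()'s ordering."""
    rules = [f"iptables -A {chain} -s {a} -j ACCEPT" for a in _nets(allowed)]
    rules += [f"iptables -A {chain} -s {b} -j DROP" for b in _nets(blocked)]
    return rules


if __name__ == "__main__":
    for src in ("79.117.17.247", "203.0.113.10", "203.0.113.11", "192.0.2.1"):
        print(f"{src:15} -> {verdict(src)}")
    print("allow entries inside blocked prefixes:", shadowed_allows())
    print("\n".join(iptables_rules()))
```

A source-address filter like this is only the outer layer; per-extension secrets and a restrictive default context in sip.conf still decide what an accepted peer may do.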
