Gary Kuznitz wrote: > Thank you for the reply... > > Comments below... > On 22 Nov 2010 at 17:23, Tilghman (Tilghman Lesher<asterisk- > us...@lists.digium.com>) commented about Re: [asterisk-users] Someone has > hacked > into our : > > >> On Monday 22 November 2010 17:10:31 Gary Kuznitz wrote: >> >>> I have the log now. I'd like to know what to look for in trying to figure >>> out how the calls are getting originated. I'd be happy to shere all the >>> information. I just don't want to post information on this public list that >>> might show other people how to get in to our box. >>> >> allowguest=yes in sip.conf, with a context= in the [general] section that >> is permitted to make outbound calls? >> > I'm trying to understand exactly what this means. > > I found a sip.conf in /etc/asterisk > I have a [general] section. > I don't have allowguest=yes. Is that good or am I supposed to have it? > I believe what you SHOULD have is; allowguest=no Not sure if that is the default behavior or not > If I'm supposed to have it can it go any place in the [general] section? > I have in the [general] section a line with: > context = default > Is this where I would remove default and enter the IP addresses that are > allowed to > make calls? > Your default context in extensions.conf should basiclly lead nowhere. I have mine set up to play an insane laugh then hangup Probably safe to say NEVER use context default for any outbound calling
You should also have, in general: alwaysauthreject=yes This seems pretty effective in stopping some hacking These are simple fixes. I will let others comment on other more detailed firewalling John Novack > What would a line with IP address look like? Could you give me an example? > If that isn't where the IP address that are allowed supposed to be where > would I put > them? > > Thank you, > > Gary Kuznitz > > >> Just a guess, but there have been >> more than a few such discussions on the list about that configuration, plus >> a README-SERIOUSLY.bestpractices.txt in the root directory of every Asterisk >> source tree. You DID read that file, right? >> >> -- >> Tilghman Lesher >> Digium, Inc. | Senior Software Developer >> twitter: Corydon76 | IRC: Corydon76-dig (Freenode) >> Check us out at: www.digium.com& www.asterisk.org >> >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> New to Asterisk? Join us for a live introductory webinar every Thurs: >> http://www.asterisk.org/hello >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users >> > > > -- Dog is my Co-pilot -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users