Thank you for the reply. On 23 Nov 2010 at 18:51, John (John Novack <[email protected]>) commented about Re: [asterisk-users] Someone has hacked into our :
> > > Gary Kuznitz wrote: > > Thank you for the reply... > > > > Comments below... > > On 22 Nov 2010 at 17:23, Tilghman (Tilghman Lesher<asterisk- > > [email protected]>) commented about Re: [asterisk-users] Someone has > > hacked > > into our : > > > > > >> On Monday 22 November 2010 17:10:31 Gary Kuznitz wrote: > >> > >>> I have the log now. I'd like to know what to look for in trying to figure > >>> out how the calls are getting originated. I'd be happy to shere all the > >>> information. I just don't want to post information on this public list > >>> that > >>> might show other people how to get in to our box. > >>> > >> allowguest=yes in sip.conf, with a context= in the [general] section that > >> is permitted to make outbound calls? > >> > > I'm trying to understand exactly what this means. > > > > I found a sip.conf in /etc/asterisk > > I have a [general] section. > > I don't have allowguest=yes. Is that good or am I supposed to have it? > > > I believe what you SHOULD have is; > allowguest=no > Not sure if that is the default behavior or not > > If I'm supposed to have it can it go any place in the [general] section? > > I have in the [general] section a line with: > > context = default > > Is this where I would remove default and enter the IP addresses that are > > allowed to > > make calls? > > > Your default context in extensions.conf should basiclly lead nowhere. > I have mine set up to play an insane laugh then hangup > Probably safe to say NEVER use context default for any outbound calling I don't have any context in extensions.conf I do have context = default in sip.conf Should I remove that line? Could you give me an example of what you have in your extensions.conf? Thank you, Gary Kuznitz > > You should also have, in general: > > alwaysauthreject=yes > This seems pretty effective in stopping some hacking > These are simple fixes. > I will let others comment on other more detailed firewalling > > John Novack > > > What would a line with IP address look like? Could you give me an example? > > If that isn't where the IP address that are allowed supposed to be where > > would I put > > them? > > > > Thank you, > > > > Gary Kuznitz > > > > > >> Just a guess, but there have been > >> more than a few such discussions on the list about that configuration, plus > >> a README-SERIOUSLY.bestpractices.txt in the root directory of every > >> Asterisk > >> source tree. You DID read that file, right? > >> > >> -- > >> Tilghman Lesher > >> Digium, Inc. | Senior Software Developer > >> twitter: Corydon76 | IRC: Corydon76-dig (Freenode) > >> Check us out at: www.digium.com& www.asterisk.org > >> > >> -- > >> _____________________________________________________________________ > >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > >> New to Asterisk? Join us for a live introductory webinar every Thurs: > >> http://www.asterisk.org/hello > >> > >> asterisk-users mailing list > >> To UNSUBSCRIBE or update options visit: > >> http://lists.digium.com/mailman/listinfo/asterisk-users > >> > > > > > > > > -- > > Dog is my Co-pilot > -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
