On 3/29/2011 12:25 PM, Steve Edwards wrote: >> On Tue, 29 Mar 2011 12:10:59 -0500, Sherwood McGowan > >>> First thing I'd do is restrict the ip blocks your sip endpoints can >>> register/call from in sip.conf (or your database's table for sip >>> endpoints) > > On Tue, 29 Mar 2011, Gilles wrote: > >> Thanks for the idea, but it's not possible, as the Asterisk must be >> accessible for road warriors and receive SIP calls from anyone. > > Really? How many callers are you expecting from North Korea, Libya, > China, Iran, etc? >
Thanks Steve, you just emailed exactly what I was going to say... Remember guys, there's a LOT of IP blocks out there that are almost definitely not going to be somewhere you expect to receive SIP traffic from. Where are you located? Where do your road warriors usually travel? Start by blocking countries that are not going to be expected to send traffic 98% of the time. When I first started out as a consultant, I helped get a certain U.S. ITSP up and running, and we reduced fraud and hack attempts DRASTICALLY simply by blocking most of the countries that are pretty much known for the prolific numbers of hackers. Sure, we had like, 2 customers call in to say they had traveled abroad (or sent their device to a family/friend abroad) and couldn't get their device to register. But seriously, it was rare. Either way, just a suggestion -- Sherwood McGowan <[email protected]> Carrier, ITSP, Call Center, and PBX Solutions Consultant -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
