Simple economics tells me that we can't pay enough guys $X U.S. to stop the problem when we are competing with multiple folks working for $0.X US. Asterisk isn't the problem, it's just another limb on the victim tree.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Paul Belanger
Sent: Saturday, July 23, 2011 1:10 PM
To: [email protected]
Subject: Re: [asterisk-users] Securing Asterisk

On 11-07-23 01:38 PM, CDR wrote:
> I beg to differ. Digium is hiding from the real world and somebody is
> going to take the software and run with it. My customers lost in excess
> of $50.000 and cut my pay in half, because of hackers. The hackers
> figured out how to scan every asterisk for weak passwords or open
> ports, and bang them real good. We need two things: a) disable in
> sip.conf the reply for INVITES that have wrong user information, and
> also, b) disable any response to any REGISTER packet altogether. Can
> somebody please write a patch? Or should we go broke trying to stop the
> flood of criminals coming from abroad?
> Federico
>
I'm not sure I understand your statement. Because your customer was hacked for $50,000 and your pay was cut in half, it is a result of Digium (or the Asterisk project) 'hiding from the real world'?

Your previous point aside, may I ask how your client solved the problem? I'm assuming they are still operating an Asterisk box without the patches you have requested.

--
Paul Belanger
Digium, Inc. | Software Developer
twitter: pabelanger | IRC: pabelanger (Freenode)
Check us out at: http://digium.com & http://asterisk.org

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
