----- Original Message ----- > From: "Sam Muro" <[email protected]> > To: [email protected] > Sent: Friday, October 14, 2011 2:02:01 AM > Subject: [asterisk-users] Asterisk Security: Allow only one phone per sip > registration > Hi there > > Consider this. You have three SIP extension 200, 201 and 202 and you > have > configured your phones, say Polycom 331 to those accounts. 200 being > one > very sensitive individual. > > Lets say, an insider, get a new phone or perhaps an xlite and > configure it > with the same extension, 200. Asterisk will register it as 200 to the > new > IP address. Now extension 202 call 200. The hacker answers it and > pretend > is the same person. Do what he want to do and thats it. > > Question; > How can i stop this type of threat
I would recommend actually setting a different secret field in sip.conf for each device so that your would-be attacker isn't able to register as someone else. Or you could buy a gun. I bet the insider would be very afraid of the gun and would therefore avoid any shenanigans while you were around. This would especially be true if you randomly shot items like coffee cups and plants whenever you thought they were looking at you funny. That'll show 'em. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
