On Fri, 2011-10-14 at 10:02 +0300, Muro, Sam wrote:
> Hi there
>
> Consider this. You have three SIP extensions 200, 201 and 202 and you have
> configured your phones, say Polycom 331, to those accounts. 200 being one
> very sensitive individual.
>
> Let's say an insider gets a new phone or perhaps an xlite and configures it
> with the same extension, 200. Asterisk will register it as 200 to the new
> IP address. Now extension 202 calls 200. The hacker answers it and pretends
> to be the same person. Does what he wants to do and that's it.
>
> Question:
> How can I stop this type of threat?
>
> Regards
> Peter
>

Perhaps use secrets? afaicr the secrets you have to provide for hardphone and
softphone are readonly.

If you avoid something like "secret" or "welcome" or the involved hostname,
but instead use a 15 char long generated pwd, he'll have a long time trying
all the possibilities.... And different pwds for each phone.

hw
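The advice in the reply above, turned into a check (an added example, not part of the original message): a Python audit that flags peers whose secret is missing, is one of the guessable words named in the reply, contains the server hostname, is shorter than 15 characters, or is shared between phones. It assumes the extensions are defined in a chan_sip-style `sip.conf` with `secret=` lines, does not resolve templates or `#include` files, and runs on a constructed sample in which the hostname `pbx01` is made up.

```python
import re

WEAK_WORDS = {"secret", "welcome"}  # guessable values named in the reply
MIN_LEN = 15                        # length suggested in the reply
# Constructed sample: extensions, secrets and the hostname "pbx01" are made up.
SAMPLE = """\
[general]
bindport=5060
[200]
secret=welcome
[201]
secret=pbx01-phone
[202]
secret=Vq7m#Rk2x!Lp9Zt
"""

def parse_peers(text):
    """Return {section: secret or None} for every section except [general]."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
            peers.setdefault(current, None)
        elif current in peers and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "secret":
                peers[current] = value
    peers.pop("general", None)
    return peers

def audit(text, hostnames=()):
    """Return {peer: [findings]} for peers with a missing, weak or reused secret."""
    peers = parse_peers(text)
    findings = {}
    for name, secret in peers.items():
        s = secret or ""
        checks = [
            (not s, "no secret set"),
            (s.lower() in WEAK_WORDS, "guessable word"),
            (any(h and h.lower() in s.lower() for h in hostnames), "contains hostname"),
            (0 < len(s) < MIN_LEN, "shorter than %d chars" % MIN_LEN),
            (bool(s) and list(peers.values()).count(s) > 1, "shared with another peer"),
        ]
        issues = [msg for bad, msg in checks if bad]
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit(SAMPLE, hostnames=["pbx01"])` reports extensions 200 and 201 and leaves 202 out of the result.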
