Hello Steve,
Monday, August 19, 2013, 11:55:54 AM, you wrote:
>> >> [2013-08-18 05:56:29] NOTICE[17089][C-000000a8] chan_sip.c:
>> >> Failed to authenticate device
>> >> 390<sip:[email protected]>;tag=2762c06e
>>
>> xx.xx.xxx.xxx is my public I.P.
> What kind of filtering are you doing? Iptables?
> Rather than playing 'wack-a-mole' with hackers, my first line of defense
> is to 'white-list' just the few legitimate connections between my clients
> and their SIP providers.
I have blocked almost all the IPs except the very few I care about. I'm not
that good at iptables, but I did block at least
I guess I need to change it to something like:
Allow x
alloy y
allow z
allow local
block all
One of my concerns was what happens if my provider hands off the RTP stream to
a blocked address? It's a small Atom box with 6 phones, 6 or 8 numbers and two
users. it's behind NAT and the internet is Time Warner Cable.
Long ago I changed all my extensions to non numeric 40 character or so things
with similar passwords. The only weak spot might be the connections to my
brother-in-law's TrixBox box across the country and that's because he doesn't
believe in secure passwords. I've tried, but it's just not worth the effort.
-- Ira
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
