TFTP is inherently insecure :-) This insecurity is how I got my BroadVoice SIP UID and Pass a long time ago before they supported Asterisk, told them the MAC of my Cisco phone and just grabbed the config file off their tftp server, interesting stuff.
FireWall is your only true solution but that stops the phone from being able to be mobile. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Welter Sent: Wednesday, January 26, 2005 11:34 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [Asterisk-Users] TFTP Server Facing the Internet Since we're chatting about tftp servers... Let's say I have a new customer with Cisco 79xx phones, and he desires to SIP register on my Asterisk system. I would have to provide the SIP<mac>.cnf and SIPDefault.cnf files on my tftp server for his phones. These files would be world readable, which I don't want. Is the solution to put the tftp server behind the firewall and port redirect based on the customer's IP, or is there a better way of restricting access? Thanks, Mike _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
