You can also use a shared secret for authentication with an MD5 digest exchange.
That's reasonably secure. -Philip Darrick Hartman wrote: > David, > > You could use openvpn to secure the connection. MAC address > restrictions are pretty weak and easy to spoof. > > Darrick > > David Kerr wrote: > >> I would like to permit a softphone on my laptop to connect to my >> astlinux box from anywhere in the world. This would mean keeping port >> 5060 open, which is a potential security risk? Is there a way to >> restrict access by mac address? so that my softphone on *my* laptop can >> connect, but no one else's can (even if they know the extension/password. >> >> Thanks. >> David >> >> On Mon, Nov 10, 2008 at 2:40 PM, Daniel Aeberli <[EMAIL PROTECTED]> >> wrote: >> >> Hi Darrick, >> >> You right, I had miss-configured my Firewall: I open the voip ports when >> I initially was try to my Asterisk trunk working. As I now know, the >> trunk goes through a tunnel so I closed them just after my last post and >> everything still works (no duh). >> >> I still need to dig into my config (Firewall and Asterisk), I'm sure I >> have other doors wide open why I tried to get things working. >> >> Many thanks for the reply though. >> >> Daniel >> >> >> >> Darrick Hartman a écrit : >> > Daniel, >> > >> > Not necessarily. It sounds like you have the firewall misconfigured. >> > What ports are you opening? You should really only have your ssh >> port >> > and vpn port open. All others should be closed. How are these >> people >> > getting in? >> > >> > Darrick >> > >> > Daniel Aeberli wrote: >> > >> >> Sorry, just realised this is more an Astersik general question >> than a >> >> ASTLinux one ... of to search other forums... >> >> >> >> Daniel Aeberli a écrit : >> >> >> >>> Well after the brute force attack ssh login attempts, last >> month, I have >> >>> an undesirable outsider that successfully made calls from my >> ASTlinux >> >>> box. I locked out the brute force, by disabling WAN requests, >> turning of >> >>> WAN ping response and turning off ssh access, but obviously my >> box is >> >>> not secure. >> >>> >> >>> I'm not savvy enough to know how to secure by AstLinux box from >> outside >> >>> callers (hackers). I only use AstLinux to call my parents >> AstLinux box >> >>> via a VPN trunk over our ADSL lines. All my local calls go via >> ISDN line >> >>> (since I have to have it for the ADSL link and local call are >> free). >> >>> >> >>> Could someone tell me how to lock outside calls (internet / >> ADSL) from >> >>> using my ISDN lines? >> >>> >> >>> Thanks >> >>> >> >>> Daniel >> >>> >> ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED]
