On Feb 17, 2012, at 12:10 PM, James Babiak wrote:

> Good point about the possible CID security risk - I didn't think about that. 
> I actually provide some sanity checking already, but I should probably tweak 
> it to look for possible attacks. All incoming calls go through a 
> private/restricted/unknown/invalid/etc. check. If it comes up as anything 
> other than a seemingly legit number, it sends it to a call screening 
> application. This part:
> exten = s,n,GotoIf($[${REGEX("^[+]?[0-9]{3\,}$" ${CALLERID(num)})} != 1]?unknown)
> would catch a lot (anything that doesn't start with at least a three digit 
> number), but I guess someone could possibly get around it if they knew what 
> they were doing.
> 
> -James

That sanitizes CALLERID(num), but if CALLERID(all) is later used, then 
CALLERID(name) would also need to be sanitized.

In Asterisk 1.4 the FILTER() function is more cumbersome, but still useful.  
Here is an example of how FILTER() can be used with both Asterisk 1.4 and 1.8.

http://doc.astlinux.org/userdoc:tt_asterisk_call_notify

Lonnie
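
The point made in the reply above, as an added example that is not part of the original thread: a small Python model (not Asterisk dialplan) of the quoted number check plus an allowlist filter in the spirit of FILTER(), applied to both caller ID fields. The allowlists, function names and sample caller IDs are assumptions constructed for illustration.

```python
import re
import string

# Same pattern as the quoted GotoIf check; fullmatch stands in for the ^...$ anchors.
NUM_OK = re.compile(r"[+]?[0-9]{3,}")
# Assumed allowlists (not from the thread): tune them to what later steps can safely take.
NUM_CHARS = set(string.digits + "+")
NAME_CHARS = set(string.ascii_letters + string.digits + " .-")


def num_is_plausible(num: str) -> bool:
    """Model of the REGEX() test: optional '+', then three or more digits, nothing else."""
    return NUM_OK.fullmatch(num) is not None


def allow_only(allowed: set, value: str) -> str:
    """Allowlist filter in the spirit of FILTER(): drop every character not listed."""
    return "".join(ch for ch in value if ch in allowed)


def callerid_all(name: str, num: str) -> str:
    """CALLERID(all) combines both fields as "name" <num>."""
    return f'"{name}" <{num}>'


def sanitize(name: str, num: str):
    """Return (route, name, num); route is 'unknown' when the number fails the check."""
    route = "normal" if num_is_plausible(num) else "unknown"
    return route, allow_only(NAME_CHARS, name), allow_only(NUM_CHARS, num)


# Constructed sample caller IDs (name, num), not taken from real traffic.
SAMPLES = [
    ("Alice Smith", "+15551230000"),
    ('Bob";`x`$(y)', "5551230000"),  # number passes the check, name does not look clean
    ("", "anonymous"),
]

if __name__ == "__main__":
    for name, num in SAMPLES:
        route, clean_name, clean_num = sanitize(name, num)
        raw = callerid_all(name, num)
        clean = callerid_all(clean_name, clean_num)
        print(f"{route:8} raw={raw!r} clean={clean!r}")
```

The second sample is routed as a normal call because only the number is tested, which is why the name field needs its own filter before the combined value is used anywhere.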


_______________________________________________
Astlinux-users mailing list
https://lists.sourceforge.net/lists/listinfo/astlinux-users
