Use fail2ban. Also, read some of the security advisories from earlier
this year about being sure to always use a FILTER statement whenever you're
dialing using a variable (most notably ${EXTEN}).
http://downloads.asterisk.org/pub/security/AST-2010-002.html
Thanks Warren!!
I am setting filters, etc. on variables that attackers can send Asterisk
when they call (for example when they initially call into Asterisk).
So far, I am filtering:
exten
CALLERID(name)
CALLERID(num)
What other fields or variables would an attacker be able to use in the
packets that they
This works. I have tested with the following settings:
In regards to the specifics of your question:
In sip.conf:
dynamic_exclude_static=yes
In users.conf, for each user (changing the permit statement to the IP of
each user):
hassip=yes
host=dynamic
registersip=yes
deny=0.0.0.0/0.0.0.0
Well, I'm not sure actually. I was attacked in June by someone who racked up
between $800 and $900 in international calls to places in the middle of
Africa, Korea, etc. So, I am motivated to secure this. I have made it much,
much more secure, definitely, but am looking for as many ways to further
I've got 2 Asterisk servers on the same box: Ubuntu 10.04 Lucid. I have not
been able to send useful callerid info between them (callerid becomes
serverB).
serverA register statement: (serverB has the exact opposite statement)
register = serverA:serverapassw...@ip_of_serverb_nic/serverB
Thanks Oliver.
I tried those approaches but they did not work.
However, I just found a workaround finally. The SIPAddHeader and SIP_HEADER
functions enabled me to get the callerid working.
Thanks again!!
On Thu, Jul 29, 2010 at 4:05 PM, jwexler jwex...@mail.usa.com wrote:
On Thu, Jul 29, 2010 at 10:15 PM, Paul Belanger wrote:
MAC Address? Are you sure? Why would your ISP care about level 2? I
could understand IP address (level 3). If this is the case, you will
need to spoof
Folks,
My ISP's router limits registrations to only 1 phone number per interface
(i.e., by MAC Address).
I am struggling to get around this limitation.
In sip.conf, I have:
rt200ne=192.168.40.1
register = 3:password:usern...@192.168.40.1/phone1
register =
On Thu, Jul 29, 2010 at 10:15 PM, Paul Belanger wrote:
MAC Address? Are you sure? Why would your ISP care about level 2? I
could understand IP address (level 3). If this is the case, you will
need to spoof your MAC.
Actually, it is mind-boggling that the ISP even cares about restricting