Hi,
[snip]
For example I tried to block registrations from other subnets as
follows:
[general]
...
deny=0.0.0.0/0.0.0.0 ;deny all by default?
permit=10.1.0.0/255.255.0.0 ;allow registrations from local
subnet?
you should put deny/permit PER peer as
[200]
Karl Fife schrieb:
SECURITY QUESTION SANITY CHECK:
Caps-lock key jammed?
WHAT ARE BEST PRACTICES? PLEASE CRITIQUE!
Mixed-case. All upper-case is considered shouting.
--
Philipp Kempgen
http://www.das-asterisk-buch.de - http://www.the-asterisk-book.com
Amooma GmbH - Bachstr. 126 -
SECURITY QUESTION SANITY CHECK:
If only my SIP ports and a small range of RTP ports are facing the
public internet, what is the method by which an evildoer would be able
to do fraudulent long distance on my nickel?
Would it REALLY be as simple as guessing the credentials for ANY of my
local
On Sunday 24 August 2008 14:17:47 Karl Fife wrote:
For crude IPS/IDS is there an Asterisk method to blacklist registrations
from a specific IP address after a certain number of failed registration
attempts, or would I need an SBC or IDS/IPS for that?
There is no solution in Asterisk currently,