I think just renaming the [default] to [public] or [unautorized], and a comment
saying
Don't put outgoing calls in this context, as unauthorized users, even from
outside, are routed here by default.
would be enough.
I'm not sure if local phones should automatically be routed to a [local]
I basically agree, but I couldn't resist:
On Fri, Nov 13, 2009 at 09:51:59AM +0100, Leif Neland wrote:
Why should my call (and my money) go from my desk via my ip-pabc to
my voisp possibly through pstn (through echelon) to your voisp to
your ip-pabc to your desk, when it could go from my
In your sip.conf file allowguest defaults to yes. This means that
anyone that can reach the SIP ports on that system has access to make
unauthenticated calls, by default. The administrator actually has to go
in and turn it off to prevent unauthenticated SIP calls (in whatever
context
Lee Howard wrote:
Does anyone else agree with me that this is a poor default? I'd like to
see the default setting changed.
I've always considered it to be good practice that something that may
leave your system vulnerable, should be disabled by default.
So yes, I would agree.
Doug
--
Lee Howard a écrit :
In your sip.conf file allowguest defaults to yes. This means that
anyone that can reach the SIP ports on that system has access to make
unauthenticated calls, by default. The administrator actually has to go
in and turn it off to prevent unauthenticated SIP calls (in
: Thursday, November 12, 2009 8:42 AM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] allowguest defaults to yes for SIP
Lee Howard a écrit :
In your sip.conf file allowguest defaults to yes. This means that
anyone that can reach the SIP ports on that system has access to make
-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Danny Nicholas
Sent: 12 November 2009 14:46
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: Re: [asterisk-users] allowguest defaults to yes for SIP
Just my .02 - the guest context should
...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Dan Journo
Sent: Thursday, November 12, 2009 9:01 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] allowguest defaults to yes for SIP
Am I correct in saying that the without
On Thursday 12 November 2009 08:59:16 Danny Nicholas wrote:
Without the allowguest=no, Asterisk doesn't put up any defense against an
unauthorized guest. You still have NAT/Firewall/IPTABLE defenses, for
what they are worth. The trick is to get what you need without allowing
what you don't
On Thursday 12 November 2009 09:00:45 Dan Journo wrote:
Am I correct in saying that the without allowguest=no anyone can connect
and make calls through the default context?
If allowguest is set to no, how can I ensure that incoming calls can still
be received from our DDI supplier?
You're
On Thursday 12 November 2009 07:47:34 Lee Howard wrote:
In your sip.conf file allowguest defaults to yes. This means that
anyone that can reach the SIP ports on that system has access to make
unauthenticated calls, by default. The administrator actually has to go
in and turn it off to
Tilghman Lesher wrote:
On Thursday 12 November 2009 07:47:34 Lee Howard wrote:
In your sip.conf file allowguest defaults to yes. This means that
anyone that can reach the SIP ports on that system has access to make
unauthenticated calls, by default. The administrator actually has to go
On Thursday 12 November 2009 09:53:17 Lee Howard wrote:
Tilghman Lesher wrote:
On Thursday 12 November 2009 07:47:34 Lee Howard wrote:
In your sip.conf file allowguest defaults to yes. This means that
anyone that can reach the SIP ports on that system has access to make
unauthenticated
Tilghman Lesher wrote:
On Thursday 12 November 2009 09:53:17 Lee Howard wrote:
These people should need to deliberately use allowguest=yes. I would
venture to guess that these people already know who they are and
deliberately have this set. I would venture to guess that there are
far, far
On Thursday 12 November 2009 12:08:39 Lee Howard wrote:
Tilghman Lesher wrote:
On Thursday 12 November 2009 09:53:17 Lee Howard wrote:
And yet this point is not even made clear in the doc/security.txt file.
It says to not use default for anything you don't want to get abused,
but it
Tilghman Lesher wrote:
The issue in question was suspended, while the reporter makes the case on the
Asterisk-dev mailing list, which is not this list. The opinions there
amongst
contributors (meritocracy, not democracy) are that keeping the sample
configuration as it is now is probably
...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Lee Howard
Sent: Thursday, November 12, 2009 12:48 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] allowguest defaults to yes for SIP
Tilghman Lesher wrote:
The issue in question
Danny Nicholas wrote:
Gentlemens clubs usually don't have any. While LH probably has a valid
point, jumping on Til isn't the way to bring it home. You can't protect the
stupid or lazy from themselves. If you can't do this right, pay someone
else to.
You're suggesting that if I pay someone
...@lists.digium.com] On Behalf Of Lee Howard
Sent: Thursday, November 12, 2009 12:48 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] allowguest defaults to yes for SIP
Tilghman Lesher wrote:
The issue in question was suspended, while the reporter
12, 2009 1:16 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] allowguest defaults to yes for SIP
Danny Nicholas wrote:
Gentlemens clubs usually don't have any. While LH probably has a valid
point, jumping on Til isn't the way to bring it home. You
On 11:16, Thu 12 Nov 09, Lee Howard wrote:
Danny Nicholas wrote:
Gentlemens clubs usually don't have any. While LH probably has a valid
point, jumping on Til isn't the way to bring it home. You can't protect the
stupid or lazy from themselves. If you can't do this right, pay someone
Michiel van Baak wrote:
When I started working with asterisk, and found my first issue, I
created a patch, put it on the tracker, followed up on the comments, and
stuff got in.
I'm sincerely pleased to know that you've had a different experience
than have I.
If you read the page about
On 13/11/09 3:59 AM, Danny Nicholas wrote:
Without the allowguest=no, Asterisk doesn't put up any defense against an
unauthorized guest. You still have NAT/Firewall/IPTABLE defenses, for
what they are worth. The trick is to get what you need without allowing
what you don't want.
A slight
On 13/11/09 8:30 AM, SIP wrote:
Eh... if VoIP fraud weren't so rampant, and I didn't constantly see
mailings to the Asterisk list about How do I secure my system from the
people who've been costing me tons of money lately, I would say that
having a lax stance on security in exchange for
On 13/11/09 9:37 AM, Lee Howard wrote:
Michiel van Baak wrote:
When I started working with asterisk, and found my first issue, I
created a patch, put it on the tracker, followed up on the comments, and
stuff got in.
I'm sincerely pleased to know that you've had a different experience
than
On Fri, Nov 13, 2009 at 12:19:54PM +1300, Matt Riddell wrote:
Maybe the best way would be to make it that the default context only
provides the info from the examples unless you provide an option:
read_security_document=yes
Asterisk used to require that you set have 'TELEPHONY=yes' in
On 13/11/09 12:33 PM, Tzafrir Cohen wrote:
On Fri, Nov 13, 2009 at 12:19:54PM +1300, Matt Riddell wrote:
Maybe the best way would be to make it that the default context only
provides the info from the examples unless you provide an option:
read_security_document=yes
Asterisk used to
-Original Message-
From: asterisk-users-boun...@lists.digium.com
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Lee Howard
Sent: Friday, 13 November 2009 06:16
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] allowguest defaults
On 12:38, Fri 13 Nov 09, Matt Riddell wrote:
On 13/11/09 12:33 PM, Tzafrir Cohen wrote:
On Fri, Nov 13, 2009 at 12:19:54PM +1300, Matt Riddell wrote:
Maybe the best way would be to make it that the default context only
provides the info from the examples unless you provide an option:
On Fri, Nov 13, 2009 at 12:38:22PM +1300, Matt Riddell wrote:
On 13/11/09 12:33 PM, Tzafrir Cohen wrote:
On Fri, Nov 13, 2009 at 12:19:54PM +1300, Matt Riddell wrote:
Maybe the best way would be to make it that the default context only
provides the info from the examples unless you
Michael Wyres wrote:
The way I see it, the reason you have encountered some resistance to your
opinion in regards to whether guest access should be allowed by default or
should not be, is not because your opinion is right or wrong - everyone
is entitled to an opinion - and your stance has
31 matches
Mail list logo