HI. is anyway to Deactivate the firewall in 6.2 version astlinux ? because
all incoming calls get busy signal. so I dont know if by default all
incoming traffic is blocked and I need to allow a call pass thru. so want to
deactivate firewall to see if the calls get answered normal way. by the way
On Dec 1, 2008, at 11:53 PM, Martin Rogers wrote:
Tod Fitch wrote:
On Dec 1, 2008, at 3:58 PM, Jose Colin wrote:
HI. martin. I have seen that you said that if is SIP you should set
allowguest=no so where does that command should be set ? in arnot
firewall or where ? i am insterested in
If you allow calls to your default context to be relayed back out then
you can be in a position where unregistered entities can use your
machine to make free calls. I guess this is a security issue.
Certainly that can be an issue that one should be careful of when
setting up a PBX.
But
Martin Rogers wrote:
If you allow calls to your default context to be relayed back out then
you can be in a position where unregistered entities can use your
machine to make free calls. I guess this is a security issue.
Certainly that can be an issue that one should be careful of when
On 12/2/08, Tod Fitch [EMAIL PROTECTED] wrote:
If you allow calls to your default context to be relayed back out then you
can be in a position where unregistered entities can use your machine to
make free calls. I guess this is a security issue. Certainly that can be
an issue that one should
HI. martin. I have seen that you said that if is SIP you should set
allowguest=no so where does that command should be set ? in arnot firewall
or where ? i am insterested in put that extra protection an havent seen
where is the default yes
On Sun, Nov 16, 2008 at 3:51 AM, Martin Rogers [EMAIL
HI. one question. each time that I reboot the astlinux box. it appears
diferent NTP Network Session on remote and refid ? anyone know why it
appears these.
is a security breach ? or why I see each time. diferent remote address
appears on my status. I reboot 5 times in less than 10 minutes an
Tod Fitch wrote:
On Dec 1, 2008, at 3:58 PM, Jose Colin wrote:
HI. martin. I have seen that you said that if is SIP you should set
allowguest=no so where does that command should be set ? in arnot
firewall or where ? i am insterested in put that extra protection an
havent seen where is
Mart,
everything is on Asterisk box (I am using it as a router also, ADSL
router is only used as a bridge). I prefer all-in-one setup, though
many argue that it is better to have dedicated machines, but that is
impractical for obvious reasons.
I am not using Astlinux in this case (I had a
Niksa
could you please advise which model of router you have got working with
OpenVPN. Also can you confirm that you are running the VPN on the PBX
rather itself than in front of it (e.g. rather than on its own router in
box-to-box vpn mode).
Out of interest, if you are running it on the PBX did
Mart
You can configure many of the settings for Openvpn through later versions of
the gui. I believe you still need to do the openssl key generation on the
command line.
If you have two static endpoints the racoon ipsec implementation may be better,
especially for traffic shaping.
One more
.
+1.732.786.8830 x120
-Original Message-
From: Martin Rogers [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2008 2:56 AM
To: AstLinux Users Mailing List
Subject: Re: [Astlinux-users] Securing Astlinux 0.6.1
Darrick,
interesting point about the VPN. I have to have three classes of port
In addition to adding the non root user, i would suggest to install a daemon
like
* fail2ban (http://www.fail2ban.org)
It checks the log for failed (ssh) login attempts and block the originators ip
address for a while. This blocks script kiddies after a few failed login
attempts.
Jean-Paul wrote:
In addition to adding the non root user, i would suggest to install a daemon
like
* fail2ban (http://www.fail2ban.org)
It checks the log for failed (ssh) login attempts and block the originators
ip address for a while. This blocks script kiddies after a few failed
Encryption shouldn't add more than 2ms. I have it on my Sipura SPA-94x
phones.
Or, if your phones are being a router, the router can do the encryption
for you.
Encryption is a bounded delay, and it's very constant, so jitter (which
is as important as delay, and the delay is negligible in
Gah. Meant to say behind a router...
Philip Prindeville wrote:
Encryption shouldn't add more than 2ms. I have it on my Sipura SPA-94x
phones.
Or, if your phones are being a router, the router can do the encryption
for you.
Encryption is a bounded delay, and it's very constant, so
Many thanks to all who have contributed to this thread.
Some interesting comments to think about.
Mart
Philip Prindeville wrote:
Gah. Meant to say behind a router...
Philip Prindeville wrote:
Encryption shouldn't add more than 2ms. I have it on my Sipura SPA-94x
phones.
Or, if your
Does anyone no where these messages in the log come from?
chan_misdn.c:2448 in misdn_hangup: MISDN_USERUSER: FAX MAG
Is this someone trying to use my * box?
Daniel
Martin Rogers a écrit :
If you are using SIP you should also be paranoid and set allowguest=no,
as this defaults to yes.
Mart
If you are using SIP you should also be paranoid and set allowguest=no,
as this defaults to yes.
Mart
Philip Prindeville wrote:
You can also use a shared secret for authentication with an MD5 digest
exchange.
That's reasonably secure.
-Philip
Darrick Hartman wrote:
David,
You
Sorry, just realised this is more an Astersik general question than a
ASTLinux one ... of to search other forums...
Daniel Aeberli a écrit :
Well after the brute force attack ssh login attempts, last month, I have
an undesirable outsider that successfully made calls from my ASTlinux
box. I
Daniel,
Not necessarily. It sounds like you have the firewall misconfigured.
What ports are you opening? You should really only have your ssh port
and vpn port open. All others should be closed. How are these people
getting in?
Darrick
Daniel Aeberli wrote:
Sorry, just realised this is
Hi Darrick,
You right, I had miss-configured my Firewall: I open the voip ports when
I initially was try to my Asterisk trunk working. As I now know, the
trunk goes through a tunnel so I closed them just after my last post and
everything still works (no duh).
I still need to dig into my
22 matches
Mail list logo