A proper sbc goes a long way... On Aug 3, 2011 6:23 PM, "Robin Gill" <[email protected]> wrote: > > Content-Type: text/plain; > charset="utf-8" > Content-Transfer-Encoding: 8bit > Organization: SipXecs Forum > In-Reply-To: <[email protected]> > X-FUDforum: 08063afcdd00a6e76393c5b9527381e8 <62006> > Message-ID: <[email protected]> > > > > I have been wondering the same thing - I've seen a few > missed calls from strange numbers and actually wiresharked a > hack attempt - I'm guessing the recommendation to port > forward 5060 to the server is the weakness. > > I'm wondering if this is for remote phones and/or itsp's > that don't initialise on registration? > > As much as you can only make calls to internal extensions > without registering, there are tools that scan ip ranges and > make test calls to various common extension names and log > and succesful test calls. The list is presented to a human > operator who can then get the computer to brute force for > passwords. Once they've done that you pay for their calls. > Look up sipvicious for a bit more info. > > Some hack protection in sipx would be lovely but I suppose > really we should be thinking about that at firewall level > imho. > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
