Tuesday, March 10, 2009

Re: [asterisk-biz] PBX got Hacked



On Tue, Mar 10, 2009 at 7:15 AM, Trixter aka Bret McDanel <trixter@0xdecafbad.com> wrote:
> On Tue, 2009-03-10 at 04:52 -0400, voip-asterisk@maximumcrm.com wrote:
> > Of course everyone running Asterisk can get 3 humans to monitor the logs
> > 24/7 for the signs of an attack.
> >
>
> Well, if they do it right they don't have to do that, but that does make a
> good argument of why no one should monitor their logs ever, oh wait, no
> it doesn't.
>
> > Has anyone actually seen an attack with spoofed IPs anyways?
>
> Yes, several in fact.  I even wrote a program that would "smurf" from
> asterisk and other platforms which relied on spoofed IPs to get the
> asterisk box to send data to the victim IP, so I am fairly certain that
> such things do exist.

I think nat=yes mitigates these security risks (and makes things MUCH easier to configure and maintain.)

Logic seems sound and I have never had any issues with remote or local phones, so I still vote nat=yes becomes the default.

http://www.mail-archive.com/asterisk-users@lists.digium.com/msg214006.html

--
Thanks,
Steve Totaro
+18887771888 (Toll Free)
+12409381212 (Cell)
+12024369784 (Skype)
