Monday, September 7, 2009

Re: [asterisk-biz] Hacker's attack on Asterisk

I guess you don't want people to be able to call you via an enum gateway
then...

The problem isn't in accepting anonymous/"guest" calls... The problem is not
having them properly contained so that they can only route where you want
them to route to.

Also you must use some sane username/password policies for your SIP
credentials... Using exten 1000 w/ a password of 1000, or password or 1234
or something equally silly is asking to get hacked...

Remember, always treat the passwords for SIP the same as you would any other
passwords: make them long and complex... Sure, someone could brute force them,
but it's a lot harder to brute force a 10 character password that uses mixed
case alphas, numerics and punctuation symbols.


> From: Matt Riddell <lists@venturevoip.com>
> Reply-To: Commercial and Business-Oriented Asterisk Discussion
> <asterisk-biz@lists.digium.com>
> Date: Tue, 08 Sep 2009 16:23:51 +1200
> To: Commercial and Business-Oriented Asterisk Discussion
> <asterisk-biz@lists.digium.com>
> Subject: Re: [asterisk-biz] Hacker's attack on Asterisk
>
> On 8/09/09 4:09 PM, Alex Balashov wrote:
>> Never, ever accept anonymous/"guest" calls. For any reason. Ever.
>> Doesn't matter what the reason is. Just don't.
>
> Honeypot?
>
> --
> Cheers,
>
> Matt Riddell
> Director
> _______________________________________________
>
> http://www.venturevoip.com/news.php (Daily Asterisk News)
> http://www.venturevoip.com/st.php (SmoothTorque Predictive Dialer)
> http://www.venturevoip.com/c3.php (ConduIT3 PABX Systems)
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> AstriCon 2009 - October 13 - 15 Phoenix, Arizona
> Register Now: http://www.astricon.net
>
> asterisk-biz mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-biz
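
An added example, not part of the original thread: a minimal Python audit of a chan_sip `sip.conf` for the two problems the reply above names, guest calls that are not contained in their own context and weak SIP secrets. The sample config, the common-password list and the shared-context heuristic are assumptions constructed for illustration.

```python
import re
# Constructed sample sip.conf (chan_sip syntax); not taken from the thread.
SAMPLE = """\
[general]
allowguest=yes
context=internal   ; peers below inherit this context
[1000]
type=friend
secret=1000
[1001]
type=friend
secret=password
[1002]
type=friend
secret=kT7!vq$Zp2wL
"""
COMMON = {"password", "1234", "12345", "123456", "secret", "asterisk"}  # assumed list
CLASSES = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]  # mixed case, digit, punctuation

def parse(text):
    """Return {section: {key: value}}; the last value wins for repeated keys."""
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        m = re.match(r"\[([^\]]+)\]", line)
        if m:
            cur = sections.setdefault(m.group(1), {})
        elif cur is not None and "=" in line:
            key, val = line.split("=", 1)
            cur[key.strip().lower()] = val.lstrip(">").strip()   # accepts 'key => val'
    return sections

def audit(text):
    """Return sorted (section, finding) pairs for the two issues the post names."""
    conf, out = parse(text), []
    gen = conf.get("general", {})
    peers = {n: s for n, s in conf.items() if n != "general"}
    if gen.get("allowguest", "yes").lower() != "no":   # chan_sip default is yes
        gctx = gen.get("context", "default")
        if any(p.get("context", gctx) == gctx for p in peers.values()):
            out.append(("general", f"guest calls share context '{gctx}' with peers"))
    for name, p in peers.items():
        s = p.get("secret", "")                        # a missing secret counts as empty
        if s == name or s.lower() in COMMON:
            out.append((name, "secret is the extension or a common password"))
        elif len(s) < 10 or not all(re.search(c, s) for c in CLASSES):
            out.append((name, "secret shorter than 10 chars or missing a character class"))
    return sorted(out)
```

Running `audit(SAMPLE)` flags extensions 1000 and 1001 and the shared guest context, and passes 1002.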
