LinuxMCE Forums
May 22, 2013, 06:43:52 am GMT-1 *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Rule #1 - Be Patient - Rule #2 - Don't ask when, if you don't contribute - Rule #3 - You have coding skills - LinuxMCE's small brother is available: http://www.agocontrol.com
 
   Home   Help Search Chat Login Register  
LinuxMCE Forums > LinuxMCE > Users > Stop asterisk from being hijacked
Pages: 1 [2]
« previous next »
  Print  
Author Topic: Stop asterisk from being hijacked  (Read 2607 times)
dlewis
Guru
****
Posts: 401


View Profile
« Reply #15 on: May 03, 2009, 07:59:22 pm »
Quote from: LegoGT on May 03, 2009, 06:50:30 pm
I've added an entry to /etc/hosts.allow for Asterisk and it seems to get the job done:

Code:
asterisk : proxy01.sipphone.com : allow
asterisk : 192.168.80. : allow
asterisk : localhost : allow
asterisk : ALL : deny

Before, I was able to easily connect the N800 SIP phone app from any external network and make dialed calls using default extension info (for example: 200,200). Now I can at least limit that access to specific hosts (or none at all) but I'm not sure if there are any security loopholes still open. Am I missing anything obvious by not trying to upgrade FreePBX and locking it down there?

Good points Thom... LegoGT, please still make the trac entry with the notes/comments referenced by myself and Thom.
Logged
LegoGT
Regular Poster
**
Posts: 29


View Profile WWW
« Reply #16 on: May 04, 2009, 01:08:12 am »
Quote from: dlewis on May 03, 2009, 07:59:22 pm
Quote from: LegoGT on May 03, 2009, 06:50:30 pm
I've added an entry to /etc/hosts.allow for Asterisk and it seems to get the job done:

Code:
asterisk : proxy01.sipphone.com : allow
asterisk : 192.168.80. : allow
asterisk : localhost : allow
asterisk : ALL : deny

Before, I was able to easily connect the N800 SIP phone app from any external network and make dialed calls using default extension info (for example: 200,200). Now I can at least limit that access to specific hosts (or none at all) but I'm not sure if there are any security loopholes still open. Am I missing anything obvious by not trying to upgrade FreePBX and locking it down there?

Good points Thom... LegoGT, please still make the trac entry with the notes/comments referenced by myself and Thom.

No problem. I'll add it tonight.
Logged
A brain dump of my neverending projects: http://MediumRareBrain.com
dlewis
Guru
****
Posts: 401


View Profile
« Reply #17 on: May 04, 2009, 02:12:07 pm »
A reason why we should work on the security of our asterisk installation:

http://www.usken.no/2009/03/26/get-the-password-from-any-sip-device-its-fully-possible/

Linksys SPA2102 is one of the devices they successfully penetrated.
Logged
tschak909
LinuxMCE God
****
Posts: 5101

DOES work for LinuxMCE.


View Profile
« Reply #18 on: May 04, 2009, 02:15:33 pm »
oh _yeah_

-Thom
Logged
LegoGT
Regular Poster
**
Posts: 29


View Profile WWW
« Reply #19 on: May 04, 2009, 04:11:03 pm »
This was my first submission to Trac so be easy on me! I think it's in there correctly (http://svn.linuxmce.org/trac.cgi/ticket/188) but let me know if I missed something so I can do it properly next time.
Logged
A brain dump of my neverending projects: http://MediumRareBrain.com
Pages: 1 [2]
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!