Asterisk hacked

[m3freak]

This little lesson has taught me that what is installed default in lmce is a real security nightmare...

It's the reason why I refused to make LinuxMCE my home network's gateway/firewall.  LMCE is a big beast and I don't know enough about it to trust it.

[bongowongo]

It's the reason why I refused to make LinuxMCE my home network's gateway/firewall.  LMCE is a big beast and I don't know enough about it to trust it.

I have the same, so how can we catagorize or solve this problem?

[m3freak]

I have the same, so how can we catagorize or solve this problem?

I've been working with Asterisk for over 7 years, but I haven't done an actual dial plan config for 5!  I don't know how many of the old ways to lock down the system would still work.  I think I still remember enough to understand the various options so I'm not worried about having an insecure setup (whenever I get to it).

What I used to run was solid.  I remember seeing attempts at cracking the PBX. My dial plan was built in such a way it prevented random people from gaining access to long distance.

I think joining the Asterisk mail list might be a good option.  Failing that, research, research, and study until you drop.  It'll be the only to understand how Asterisk is configured and how to change it.

Question: does LinuxMCE use plain old Asterisk, or a bunch of different apps that help administrating an Asterisk system easier?  I haven't looked into LinuxMCE's telephony feature set, at all.

[Marie.O]

We use plain Asterisk. The configuration up to 810 is done using freepbx scripts called by various LinuxMCE scripts. In 1004 we are using realtime database controlled directly by our scripts.