CDR wrote: > > The point is that a minor change in the code would have a dramatic > effect on security, and carry a lower impact on CPU that using > Iptables. The simplicity of the change cannot understated.
You're in luck. Since Asterisk is open source, you can make the unbelievably simple change yourself. If you make it configurable and default it to "no" (so as not to break backwards compatibility, not to mention RFC compliance), it may even get accepted into Asterisk so that you won't have to maintain your own patchset. This feature would actually be a bit like "alwaysauthreject" in that it breaks RFC compliance for the sake of security, so it's not a completely lost cause. However, pining away on a mailing list about how simple the work would be instead of doing it yourself is. Regards, Matthew Roth ============= And, I suspect someone somewhere would do it for a $25 bounty, and the original poster could save $50,000 in telecom billings and email time. :-) CF -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users