HI. martin. I have seen that you said that if is SIP you should set
allowguest=no so where does that command should be set ? in arnot firewall
or where ? i am insterested in put that extra protection an havent seen
where is the default yes
On Sun, Nov 16, 2008 at 3:51 AM, Martin Rogers <[EMAIL PROTECTED]
> wrote:
> If you are using SIP you should also be paranoid and set allowguest=no,
> as this defaults to yes.
>
> Mart
>
> Philip Prindeville wrote:
> > You can also use a shared secret for authentication with an MD5 digest
> > exchange.
> >
> > That's reasonably secure.
> >
> > -Philip
> >
> >
> > Darrick Hartman wrote:
> >> David,
> >>
> >> You could use openvpn to secure the connection. MAC address
> >> restrictions are pretty weak and easy to spoof.
> >>
> >> Darrick
> >>
> >> David Kerr wrote:
> >>
> >>> I would like to permit a softphone on my laptop to connect to my
> >>> astlinux box from anywhere in the world. This would mean keeping port
> >>> 5060 open, which is a potential security risk? Is there a way to
> >>> restrict access by mac address? so that my softphone on *my* laptop can
> >>> connect, but no one else's can (even if they know the
> extension/password.
> >>>
> >>> Thanks.
> >>> David
> >>>
> >>> On Mon, Nov 10, 2008 at 2:40 PM, Daniel Aeberli <[EMAIL PROTECTED]>
> >>> wrote:
> >>>
> >>> Hi Darrick,
> >>>
> >>> You right, I had miss-configured my Firewall: I open the voip ports
> when
> >>> I initially was try to my Asterisk trunk working. As I now know,
> the
> >>> trunk goes through a tunnel so I closed them just after my last
> post and
> >>> everything still works (no duh).
> >>>
> >>> I still need to dig into my config (Firewall and Asterisk), I'm
> sure I
> >>> have other doors wide open why I tried to get things working.
> >>>
> >>> Many thanks for the reply though.
> >>>
> >>> Daniel
> >>>
> >>>
> >>>
> >>> Darrick Hartman a écrit :
> >>> > Daniel,
> >>> >
> >>> > Not necessarily. It sounds like you have the firewall
> misconfigured.
> >>> > What ports are you opening? You should really only have your
> ssh
> >>> port
> >>> > and vpn port open. All others should be closed. How are these
> >>> people
> >>> > getting in?
> >>> >
> >>> > Darrick
> >>> >
> >>> > Daniel Aeberli wrote:
> >>> >
> >>> >> Sorry, just realised this is more an Astersik general question
> >>> than a
> >>> >> ASTLinux one ... of to search other forums...
> >>> >>
> >>> >> Daniel Aeberli a écrit :
> >>> >>
> >>> >>> Well after the brute force attack ssh login attempts, last
> >>> month, I have
> >>> >>> an undesirable outsider that successfully made calls from my
> >>> ASTlinux
> >>> >>> box. I locked out the brute force, by disabling WAN requests,
> >>> turning of
> >>> >>> WAN ping response and turning off ssh access, but obviously
> my
> >>> box is
> >>> >>> not secure.
> >>> >>>
> >>> >>> I'm not savvy enough to know how to secure by AstLinux box
> from
> >>> outside
> >>> >>> callers (hackers). I only use AstLinux to call my parents
> >>> AstLinux box
> >>> >>> via a VPN trunk over our ADSL lines. All my local calls go via
> >>> ISDN line
> >>> >>> (since I have to have it for the ADSL link and local call are
> >>> free).
> >>> >>>
> >>> >>> Could someone tell me how to lock outside calls (internet /
> >>> ADSL) from
> >>> >>> using my ISDN lines?
> >>> >>>
> >>> >>> Thanks
> >>> >>>
> >>> >>> Daniel
> >>> >>>
> >>>
> >
> >
> > -------------------------------------------------------------------------
> > This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> > Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> > Grand prize is a trip for two to an Open Source event anywhere in the
> world
> > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> > _______________________________________________
> > Astlinux-users mailing list
> > Astlinux-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >
> > Donations to support AstLinux are graciously accepted via PayPal to
> [EMAIL PROTECTED]
> >
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> [EMAIL PROTECTED]
>
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to [EMAIL
PROTECTED]