I used the sip-voip plugin. It worked fine. However, security is not enough, 
it seems to me. I am experiencing hacker attacks on the open port 5060.

So, I am wondering what could be a better solution. Maybe it would be 
interesting to not use port 5060 for external devices. Then the firewall 
would need to convert it to 5060 for incoming connections. Is this possible?

Thanks

Michael

P.S.:
Attacks come from 204.119.22.247, trying dozens of username/password 
combinations per second. Just a matter of time until they find a valid 
combination. At the moment, I blocked all external devices (there are only 
two anyway).

Philip Prindeville wrote:

> On 7/11/10 12:13 PM, Lonnie Abelbeck wrote:
>> On Jul 11, 2010, at 1:04 PM, Philip Prindeville wrote:
>>
>>    
>>>> Pass EXT->Local | UDP | Source: 0/0 | Port: 10000-20000
>>>>
>>>> (The port range here should exactly match your /etc/asterisk/rtp.conf
>>>> rtpstart-rtpend port range.  Alternatively you can enable the
>>>> 'sip-voip' plugin, but personally I keep the 'sip-voip' plugin disabled
>>>> and use the above firewall rule.)
>>>>
>>>> Hope this helps.
>>>>
>>>> Lonnie
>>>>
>>>>        
>>> The problem with this is it opens up ALL ports 10000-20000, not just
>>> those that are being used by RTP.
>>>
>>> I really, really recommend using the SIP-VOIP plugin instead.
>>>
>>> -Philip
>>>      
>> In practice I use a *much* smaller port range for RTP, rather than the
>> default 10000-20000.
>>
>> Opening a very small UDP port range for RTP is not a problem for me.
>>
>> Yes, I know you like the "sip-voip" plugin. :-)
>>
>> Lonnie
>>    
> 
> What's not to like about it?  :-)
> 
> More to the point, I like exposing only the barest minimal attack
> surfaces whenever I can.



_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
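
A defender-side check for the traffic described in the P.S. above (many failed logins per second from one source), as an added example that is not part of the original thread or of AstLinux: it scans Asterisk log lines for failed SIP registrations and reports source addresses that exceed a rate threshold. The chan_sip NOTICE line format, the threshold, the window, the function names and all addresses are assumptions; the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed chan_sip log shape; some versions append ":port" to the source address.
FAILED = re.compile(
    r"^\[(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<ip>[0-9.]+)(?::\d+)?' - .+$"
)

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=10), year=2010):
    """Return {ip: peak failures seen inside any `window`} for IPs at or above `threshold`."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue  # not a failed registration
        # Syslog-style timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed data: one source failing 3 times/second, one user mistyping twice."""
    t0 = datetime(2010, 7, 11, 12, 13, 0)
    fmt = ("[{ts}] NOTICE[1234] chan_sip.c: Registration from "
           "'<sip:{ext}@192.0.2.1>' failed for '{src}' - {why}")
    out = []
    for i in range(12):
        ts = (t0 + timedelta(seconds=i // 3)).strftime("%b %d %H:%M:%S")
        out.append(fmt.format(ts=ts, ext=100 + i, src="203.0.113.5",
                              why="No matching peer found"))
    for ts in ("Jul 11 12:13:02", "Jul 11 12:14:30"):
        out.append(fmt.format(ts=ts, ext=201, src="198.51.100.7:5060",
                              why="Wrong password"))
    out.append("[Jul 11 12:14:31] VERBOSE[1234] logger.c: unrelated line")
    return out

if __name__ == "__main__":
    for ip, n in find_bruteforce(sample_log()).items():
        print(f"{ip}: {n} failed registrations within 10 s")
```

The flagged addresses can feed a firewall block list; the legitimate user who mistypes a password twice, minutes apart, stays below the threshold.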
