Yes, but that's an alias and easily removed or changed...

I don't know though, a lot of Universities are publishing their sip
directories. I think, with the whole "with me having local access to your voice
vlan, let me show you how I can record your calls" type of security scare
thing going on, sooner or later all of this, locally too, will be secured
via TLS. I would like to see an adoptable IETF on the whole certificate
thing, but realize that is years away. Perhaps it will be easier with sip
v3.0 (which is sweet and all xml as I recall), but that is also years and
years away. Who knows how it will all change with IPv6...

I'm not exposing a vulnerability. SIP is vulnerable due to a very specific
"basic" config, scanning for open port 5060. Behind a firewall or not... I'm
simply suggesting that people consider using a different access code for the
default service than *81, which is WHY it is configurable.

On Wed, Sep 29, 2010 at 3:09 PM, Kyle Haefner <kyle.haef...@colostate.edu> wrote:

> I really think that open SIP uris to the Internet are going to be a
> short lived thing.  I think that in future if you want to call someone
> outside of your domain you'll need to present either a personal
> certificate from a trusted third party, or a certificate signed to
> your domain and your domain is signed by a TTP, before your call is
> allowed to be processed on the far end.  Sure, someone will always be
> able to DOS (and firewall limiting will help here) you from a bot-net,
> but at least a robo-call from Nigeria won't wake you up at 2 AM in the
> morning!
>
> Kyle
>
> Tony, a bit more complicated than this but scarily not by much :)
>
> #!/bin/bash
> while [ 1 ]
> do
> sipsak -I tgrazi...@voice.myitdepartment.net
> sleep 60
> done
>
> On Wed, Sep 29, 2010 at 12:45 PM, Tony Graziano
> <tgrazi...@myitdepartment.net> wrote:
> > I pointed that out specifically for you Kyle. While I agree with you, my
> > "spidey senses" tingle at the thought of revealing what someone has dialed
> > in "human speak:...". Having been one to speak to customers about toll fraud
> > back in my carrier telecom days...
> >
> > In my tests, I placed a DID number on the alias for AC (Authorization
> > Code) feature. Something a little in between like "Enter Code" and "Thank
> > you, please wait" might be acceptable. I just think about toll-fraud...
> >
> > Which reminds me to yank that DID off of that system. So the default is
> > *...@sipdomain, which also means it can be used as a sip uri. So that has
> > me suggesting to people that the default is too well known and to change it
> > if they see a lot of traffic to that uri from the internet and it is not
> > warranted, because now a simple pin being broken with a script can open
> > yourself up for toll fraud... I'm not picking, just pointing out the
> > obvious.
> >
> > I know people wanted this feature, but shouldn't there be a way to
> > protect it? An alarm that sends an email if there are numerous improper
> > attempts in a short time period. Once it is installed, there is no way to
> > disable the service, only to uninstall the package. It's not selectable as a
> > role, and maybe it shouldn't be a role, but maybe you should be able to
> > disable it whether it is installed or not.
> >
> > So if you use it, consider changing the default code from *81 to
> > something a little less obvious. Sometimes a little obscurity is OK.
> >
> > All this "spidey sense" stuff has made me want to go stare at my "Red
> > Hulk" comic book for a while...
> >
> >
> > On Wed, Sep 29, 2010 at 2:22 PM, Kyle Haefner <kyle.haef...@colostate.edu> wrote:
> > See what I mean, beeps aren't always that obvious? :)
> >
> > On Wed, Sep 29, 2010 at 12:01 PM, Tony Graziano
> > <tgrazi...@myitdepartment.net> wrote:
> >> Nevermind. It was a PICNIC issue. I forgot to use the darned access code!
> >> That's what those two beeps mean...
> >>
> >> (I smacked the back of my head for that one).
> >>
> >> On Wed, Sep 29, 2010 at 1:55 PM, Douglas Hubler <dhub...@ezuce.com> wrote:
> >> On Wed, Sep 29, 2010 at 1:50 PM, Tony Graziano
> >> <tgrazi...@myitdepartment.net> wrote:
> >>> I find dialing media services is an issue (VM or AA).
> >>>
> >>> Dialing internal users and pstn numbers seem fine. I get two beeps dialing
> >>> media services.
> >>>
> >>> Should that work?
> >>
> >> Should, can you post back the offending log entries.
> >> _______________________________________________
> >> sipx-users mailing list
> >> sipx-users@list.sipfoundry.org
> >> List Archive: http://list.sipfoundry.org/archive/sipx-users/
> >>
> >>
> >>
> >> --
> >> ======================
> >> Tony Graziano, Manager
> >> Telephone: 434.984.8430
> >> sip: tgrazi...@voice.myitdepartment.net
> >> Fax: 434.984.8431
> >>
> >> Email: tgrazi...@myitdepartment.net
> >>
> >> LAN/Telephony/Security and Control Systems Helpdesk:
> >> Telephone: 434.984.8426
> >> sip: helpd...@voice.myitdepartment.net
> >> Fax: 434.984.8427
> >>
> >> Helpdesk Contract Customers:
> >> http://www.myitdepartment.net/gethelp/
> >>
> >> Why do mathematicians always confuse Halloween and Christmas?
> >> Because 31 Oct = 25 Dec.
> >>
> >>



-- 
======================
Tony Graziano, Manager
Telephone: 434.984.8430
sip: tgrazi...@voice.myitdepartment.net
Fax: 434.984.8431

Email: tgrazi...@myitdepartment.net

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net
Fax: 434.984.8427

Helpdesk Contract Customers:
http://www.myitdepartment.net/gethelp/

Why do mathematicians always confuse Halloween and Christmas?
Because 31 Oct = 25 Dec.
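
An added example, not part of the original thread and not the project's own code, of the alarm suggested in the quoted message above: it flags a source that makes numerous failed authorization-code attempts in a short period, and separately flags a valid code entered after such a burst. The event layout, the result names AUTHCODE_FAIL and AUTHCODE_OK, the threshold and the window are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "<timestamp> <source> <result>". This layout is
# an assumption for the example, not the log format of any real product.
SAMPLE_EVENTS = """\
2010-09-29T15:00:01 198.51.100.7 AUTHCODE_FAIL
2010-09-29T15:00:05 198.51.100.7 AUTHCODE_FAIL
2010-09-29T15:00:09 198.51.100.7 AUTHCODE_FAIL
2010-09-29T15:00:12 192.0.2.10 AUTHCODE_FAIL
2010-09-29T15:00:14 198.51.100.7 AUTHCODE_FAIL
2010-09-29T15:00:20 198.51.100.7 AUTHCODE_FAIL
2010-09-29T15:00:31 198.51.100.7 AUTHCODE_OK
2010-09-29T15:09:55 192.0.2.10 AUTHCODE_OK
this line is malformed and is skipped
"""

def parse_events(text):
    """Return sorted (time, source, result) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        try:
            when, source, result = line.split()
            events.append((datetime.fromisoformat(when), source, result))
        except ValueError:
            continue  # wrong field count or unparseable timestamp
    return sorted(events)

def find_alerts(events, threshold=5, window=timedelta(seconds=60)):
    """Return (time, source, kind) alerts for bursts of failed code entries."""
    recent = defaultdict(deque)  # source -> failure times still inside the window
    flagged = set()              # sources that already tripped the threshold
    alerts = []
    for ts, source, result in events:
        if result == "AUTHCODE_FAIL":
            fails = recent[source]
            fails.append(ts)
            while ts - fails[0] > window:
                fails.popleft()
            if len(fails) >= threshold and source not in flagged:
                flagged.add(source)
                alerts.append((ts, source, "burst"))
        elif result == "AUTHCODE_OK" and source in flagged:
            # A valid code right after a burst suggests the PIN was guessed.
            alerts.append((ts, source, "success_after_burst"))
    return alerts

if __name__ == "__main__":
    for ts, source, kind in find_alerts(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT {kind}: {source} at {ts.isoformat()}")
```

The returned alerts are what the e-mail notification would be built from; a single mistyped code followed by a correct one, as from 192.0.2.10 in the sample, raises nothing.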
