In your sip.conf file allowguest defaults to yes. This means that anyone that can reach the SIP ports on that system has access to make unauthenticated calls, by default. The administrator actually has to go in and turn it off to prevent unauthenticated SIP calls (in whatever context [general] points at).
Does anyone else agree with me that this is a poor default? I'd like to see the default setting changed. It seems to me that this default is the reason behind the doc/security.txt bias against using the "default" context for toll calls. Thanks, Lee. _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
