On Thursday 12 November 2009 07:47:34 Lee Howard wrote:
> In your sip.conf file allowguest defaults to yes. This means that
> anyone that can reach the SIP ports on that system has access to make
> unauthenticated calls, by default. The administrator actually has to go
> in and turn it off to prevent unauthenticated SIP calls (in whatever
> context [general] points at).

Actually, they only have access to your default context. Whether you make available outgoing calls in your default context is your choice. By default, there is no capability of making outgoing calls from your default context.

> Does anyone else agree with me that this is a poor default? I'd like to
> see the default setting changed.

The purpose of the allowguest option is to allow persons to call into your system from a zero-knowledge position. This allows you to publish a general SIP address as a point of contact. The reason why it is set that way in the sample configuration is to make it easy for new users to get to that magic moment when Asterisk first responds to their call (in essence, to get the user "hooked").

> It seems to me that this default is the reason behind the
> doc/security.txt bias against using the "default" context for toll calls.

Correct, you should be using something like "internal" instead.

--
Tilghman Lesher
Digium, Inc. | Senior Software Developer
twitter: Corydon76 | IRC: Corydon76-dig (Freenode)
Check us out at: www.digium.com & www.asterisk.org
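An added example, not part of the original message or of Asterisk: a Python check over constructed sip.conf and extensions.conf text that reports whether guest calls are accepted, which context they land in, and which Dial() lines a guest can reach from that context through include chains. It assumes the [general] `context` option defaults to `default` and treats any allowguest value other than a false spelling as enabled; the function names are hypothetical.

```python
import re

FALSE_VALUES = {"no", "false", "n", "f", "0", "off"}  # assumed Asterisk false spellings

def parse_conf(text):
    """Parse Asterisk-style config text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
            sections.setdefault(current, [])
        elif current is not None and "=" in line:    # 'key = value' or 'key => value'
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def guest_exposure(sip_text, ext_text):
    """Return (guests_allowed, guest_context, Dial() lines reachable by a guest)."""
    general = dict(parse_conf(sip_text).get("general", []))
    allowed = general.get("allowguest", "yes").lower() not in FALSE_VALUES
    context = general.get("context", "default")      # assumed default context name
    dialplan = parse_conf(ext_text)
    seen, stack, dials = set(), [context], []
    while stack:                                     # follow include => chains
        ctx = stack.pop()
        if ctx in seen:
            continue
        seen.add(ctx)
        for key, value in dialplan.get(ctx, []):
            if key == "include":
                stack.append(re.split(r"[|,]", value)[0].strip())
            elif key in ("exten", "same") and re.search(r"\bDial\(", value, re.I):
                dials.append(f"[{ctx}] {value}")
    return allowed, context, sorted(dials)

# Constructed sample input, not taken from any real system.
SIP_CONF = """
[general]
context = default        ; allowguest not set, so the default applies
"""
EXT_CONF = """
[default]
exten => s,1,Answer()
include => internal      ; mistake: pulls toll routes into the guest context
[internal]
exten => _9.,1,Dial(SIP/trunk/${EXTEN:1})
"""

if __name__ == "__main__":
    print(guest_exposure(SIP_CONF, EXT_CONF))
```

Every Dial() line it lists is one to review by hand: a Dial to a local extension is the intended guest use, while a Dial to a trunk is the toll exposure discussed in the thread.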
