On Tue, Nov 23, 2010 at 06:51:37PM -0500, John Novack wrote: > You should also have, in general: > > alwaysauthreject=yes > This seems pretty effective in stopping some hacking > These are simple fixes.
I found it very effective to make sure the handled sip domains don't contain the ipadress(es) of your internet connection(s), by only explicitly listing internal ipadresses and hostnames. e.g.: domain=10.2.3.4 domain=sip.example.com The standard scanners will get a "Not a local domain" error, since they only try the external ipadress to connect (for now). -- Daniel Tryba -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
