On 11-07-23 01:38 PM, CDR wrote:
> I beg to differ. Digium is hiding from the real world and somebody is
> going to take the software and run with it. My customers lost in excess
> of $50.000 and cut my pay in half, because of hackers. The hackers
> figured out how to scan every Asterisk for weak passwords or open
> ports, and bang them real good. We need two things: a) disable in
> sip.conf the reply for INVITES that have wrong user information, and
> also, b) disable any response to any REGISTER packet altogether. Can
> somebody please write a patch? Or should we go broke trying to stop the
> flood of criminals coming from abroad?
> Federico

I'm not sure I understand your statement. Because your customer was
hacked for $50,000 and your pay was cut in half, it is a result of
Digium (or the Asterisk project) 'hiding from the real world'?
Your previous point aside, may I ask how your client solved the problem?
I'm assuming they are still operating an Asterisk box without the
patches you have requested.
--
Paul Belanger
Digium, Inc. | Software Developer
twitter: pabelanger | IRC: pabelanger (Freenode)
Check us out at: http://digium.com & http://asterisk.org