> -----Original Message----- > From: [email protected] [mailto:asterisk-users- > [email protected]] On Behalf Of CDR > Sent: Saturday, July 23, 2011 1:39 PM > To: [email protected] > Subject: [asterisk-users] Securing Asterisk > > I beg to differ. Digium is hiding from the real world and somebody is going > take the software and run with it. My customers lost in excess of $50.000 and > cut my pay in half, because of hackers. The hackers figured out how to scan > every asterisk for weak passwords or open ports, and bang them real good. > We need two things: a) disable in sip.conf the reply for INVITES that have > wrong user information, and also, b) disable any response to any REGISTER > packet altogether. Can somebody please write patch? Or should we go > broke trying to stop the flood of criminals coming from abroad? > Federico
We use fail2ban to prevent brute force password hacking. We don't allow weak passwords. This isn't rocket science. -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
