I should have prefaced that with "older installations" as well. As far as we can see, most of the newer packages have fixed the known truck-sized holes in their default configurations, but given the lack of any formal framework for testing this stuff, even the "big" switches have been found to have security issues from time to time. I have to admit I was surprised at the number of people I've run into over the years who unpacked Asterisk, played with a few phones, and stuck themselves on the Internet without any clear understanding of how exposed they are. Cheers, David. ----- On Fri, 5 Feb 2010, Brandon Ewing wrote:
On Fri, Feb 05, 2010 at 12:45:13PM -0500, David Birnbaum wrote:
We have noticed a lot of issues with Asterisk 1.2 and some 1.4 rollouts. FreePBX had some truck-sized holes in it.
FreePBX 2.6.0 defaults to refusing anonymous SIP calls. If you enable inbound anonymous calls, it includes only the "from-trunk" context, making it behave like a standard incoming over over a configured trunk. If you've configured FreePBX to allow outgoing calls from the trunk context, you have larger problems in general.
-- Brandon Ewing (nicotine@warningg.com)