Henry Jensen
2004-Sep-08 01:31 UTC
[Asterisk-Users] Newbie: Only allow authenticated users to call
I made the observation that I'm able to make a call with my SIP client (kphone) even when I'm not registered/authenticated. Of course, when I'm not registered at asterisk, people can't call me, but it's still a huge security hole, that unregistered Clients can make calls. Is there a way to tell asterisk to only allow registered clients making calls? I know about the "Anti Ex Girlfriend" function, but this is not what I want. Regrads, Henry
Benjamin on Asterisk Mailing Lists
2004-Sep-08 01:42 UTC
[Asterisk-Users] Newbie: Only allow authenticated users to call
On Wed, 8 Sep 2004 10:31:44 +0200, Henry Jensen <hjensen@gmx.de> wrote:> I made the observation that I'm able to make a call with my SIP client (kphone) even when I'm > not registered/authenticated. > > Of course, when I'm not registered at asterisk, people can't call me, but it's still a huge security > hole, that unregistered Clients can make calls.Make sure you don't include your default context anywhere you don't want unregistered callers to have access to. This also means you shouldn't have any extensions in your default context that you don't want unregistered callers to have access to. rgds benjk -- Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Tokyo, Japan. NB: Spam filters in place. Messages unrelated to the * mailing lists may get trashed.
Bill Seddon
2004-Sep-08 01:46 UTC
[Asterisk-Users] Newbie: Only allow authenticated users to call
I'm wondering if you are confusing two ideas. It has to be possible for anyone to be able to call you just like they can on an ordinary POTS line. Registration is for those who need to appear in some sense "internal" to the PBX. Using dialplan contexts you can offer very different functionality to callers who are registered versus those who are "just calling". For example, you might assign all registered users to a context call "internal" and provide access to all the dial plans. You might set the context of all non-registered callers to an "external" dialplan context. The internal context might provide access to all the telephony services an internal user might expect (eg dial 7 to get to voicemail automatically). The external context might direct a caller to the operator or to a voice prompt. Optionally, you might provide an extension for voicemail so that external employees calling from home or a client site can get to their messages. Clearly the caller will need to be prompted for a voice mail box and password but that's covered by the voicemail system. Bill Seddon Lyquidity Solutions -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Henry Jensen Sent: September 08, 2004 9:32 AM To: asterisk-users@lists.digium.com Subject: [Asterisk-Users] Newbie: Only allow authenticated users to call I made the observation that I'm able to make a call with my SIP client (kphone) even when I'm not registered/authenticated. Of course, when I'm not registered at asterisk, people can't call me, but it's still a huge security hole, that unregistered Clients can make calls. Is there a way to tell asterisk to only allow registered clients making calls? I know about the "Anti Ex Girlfriend" function, but this is not what I want. Regrads, Henry _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Eric Wieling
2004-Sep-08 08:44 UTC
[Asterisk-Users] Newbie: Only allow authenticated users to call
Update to latest CVS and/or put context=INVALID in [general] in sip.conf and in each peer/user/friend entry put in a correct context= line. On Wed, 2004-09-08 at 03:31, Henry Jensen wrote:> I made the observation that I'm able to make a call with my SIP client (kphone) even when I'm not > registered/authenticated. > > Of course, when I'm not registered at asterisk, people can't call me, but it's still a huge security hole, > that unregistered Clients can make calls. > > Is there a way to tell asterisk to only allow registered clients making calls? I know about the "Anti Ex > Girlfriend" function, but this is not what I want. > > > Regrads, > Henry > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users-- Eric Wieling * BTEL Consulting * 504-899-1387 x2111 "In a related story, the IRS has recently ruled that the cost of Windows upgrades can NOT be deducted as a gambling loss."