How common are wide open SIP gateways?

David Birnbaum davidb at
Fri Feb 5 12:22:12 CST 2010

I should have prefaced that with "older installations" as well.  As far as we 
can see, most of the newer packages have fixed the known truck-sized holes in 
their default configurations, but given the lack of any formal framework for 
testing this stuff, even the "big" switches have been found to have security 
issues from time to time.

I have to admit I was surprised at the number of people I've run into over the 
years who unpacked Asterisk, played with a few phones, and stuck themselves on 
the Internet without any clear understanding of how exposed they are.




On Fri, 5 Feb 2010, Brandon Ewing wrote:

> On Fri, Feb 05, 2010 at 12:45:13PM -0500, David Birnbaum wrote:
>> We have noticed a lot of issues with Asterisk 1.2 and some 1.4 rollouts.
>> FreePBX had some truck-sized holes in it.
> FreePBX 2.6.0 defaults to refusing anonymous SIP calls.  If you enable
> inbound anonymous calls, it includes only the "from-trunk" context, making
> it behave like a standard incoming over over a configured trunk.  If you've
> configured FreePBX to allow outgoing calls from the trunk context, you have
> larger problems in general.
> -- 
> Brandon Ewing                                        (nicotine at

More information about the NANOG mailing list