[App_rpt-users] New Official Allstar Distribution Released

Tue Oct 6 02:09:04 UTC 2015

Take a look at the Digium website.  The advisories are there.

IAX2 has one (if I remember correctly it eats up all the channel's
resources causing a denial of service).

http://www.asterisk.org/downloads/security-advisories

-Stacy
KG7QIN

On 10/05/2015 04:40 PM, Steve Zingman wrote:
> Leon,
> I've heard this before about old Asterisk. Any notes you can point to
> detailing security issues in 1.4?
>
> 73, Steve N4IRS
>
> On 10/05/2015 06:43 PM, Leon Zetekoff wrote:
>> If I can throw in my $0.02
>>
>> from someone who has worked at a service provider doing managed
>> services (routers and firewalls) you want to heed NerdUno (Ward
>> Mundy's) words to never expose Asterisk to the internet, and
>> especially since this is old ASterisk. You want some sort of firewall
>> appliance in front of it.
>>
>> I personally prefer VPN tunnels coming back in but you can get crafty
>> and do port forwards with unknown ports to like 22 and 80 but there's
>> always that risk of someone catching on. Tunnels are the safest way
>> to get back inside. You only want to expose only the ports
>> specifically necessary to do the job.
>>
>> 73 leon wa4zlw
>>
>> On 10/5/2015 6:17 PM, Bryan Fields wrote:
>>> On 10/5/15 4:56 PM, David AIf I can throw inndrzejewski wrote:
>>>> This is a bad idea.  Root should *never* be allowed to login to a system 
>>>> remotely.  It's better to log in as a normal user and then become root 
>>>> via su, sudo, etc.
>>> meh, it's more of a local policy thing.  I'd prefer it's not enabled
>>> by default, but there are some reasons I could see for enabling it.
>>>
>>> -- 
>>> Bryan Fields
>>>
>>> 727-409-1194 - Voice
>>> 727-214-2508 - Fax
>>> http://bryanfields.net
>>>
>>>
>>> _______________________________________________
>>> App_rpt-users mailing list
>>> App_rpt-users at ohnosec.org
>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>>
>>> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
>>> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. 
>>
>>
>>
>> _______________________________________________
>> App_rpt-users mailing list
>> App_rpt-users at ohnosec.org
>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>
>> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
>> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. 
>
> -- 
> "Anything is possible if you don't know what you are talking about."
> 1st Law of Logic
>
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>
> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20151005/9bc2863a/attachment.html>