[App_rpt-users] New Official Allstar Distribution Released
Stacy
kg7qin at arrl.net
Tue Oct 6 02:11:18 UTC 2015
For IAX2:
http://downloads.asterisk.org/pub/security/AST-2009-006.pdf
"IAX2 Call Number Resource Exhaustion"
There are others. This particular advisory is on the LAST page as the
LAST one. :)
-Stacy
KG7QIN
On 10/05/2015 07:09 PM, Stacy wrote:
> Take a look at the Digium website. The advisories are there.
>
> IAX2 has one (if I remember correctly it eats up all the channel's
> resources causing a denial of service).
>
> http://www.asterisk.org/downloads/security-advisories
>
> -Stacy
> KG7QIN
>
> On 10/05/2015 04:40 PM, Steve Zingman wrote:
>> Leon,
>> I've heard this before about old Asterisk. Any notes you can point to
>> detailing security issues in 1.4?
>>
>> 73, Steve N4IRS
>>
>> On 10/05/2015 06:43 PM, Leon Zetekoff wrote:
>>> If I can throw in my $0.02
>>>
>>> from someone who has worked at a service provider doing managed
>>> services (routers and firewalls) you want to heed NerdUno (Ward
>>> Mundy's) words to never expose Asterisk to the internet, and
>>> especially since this is old ASterisk. You want some sort of
>>> firewall appliance in front of it.
>>>
>>> I personally prefer VPN tunnels coming back in but you can get
>>> crafty and do port forwards with unknown ports to like 22 and 80 but
>>> there's always that risk of someone catching on. Tunnels are the
>>> safest way to get back inside. You only want to expose only the
>>> ports specifically necessary to do the job.
>>>
>>> 73 leon wa4zlw
>>>
>>> On 10/5/2015 6:17 PM, Bryan Fields wrote:
>>>> On 10/5/15 4:56 PM, David AIf I can throw inndrzejewski wrote:
>>>>> This is a bad idea. Root should *never* be allowed to login to a system
>>>>> remotely. It's better to log in as a normal user and then become root
>>>>> via su, sudo, etc.
>>>> meh, it's more of a local policy thing. I'd prefer it's not
>>>> enabled by default, but there are some reasons I could see for
>>>> enabling it.
>>>>
>>>> --
>>>> Bryan Fields
>>>>
>>>> 727-409-1194 - Voice
>>>> 727-214-2508 - Fax
>>>> http://bryanfields.net
>>>>
>>>>
>>>> _______________________________________________
>>>> App_rpt-users mailing list
>>>> App_rpt-users at ohnosec.org
>>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>>>
>>>> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
>>>> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
>>>
>>>
>>>
>>> _______________________________________________
>>> App_rpt-users mailing list
>>> App_rpt-users at ohnosec.org
>>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>>
>>> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
>>> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
>>
>> --
>> "Anything is possible if you don't know what you are talking about."
>> 1st Law of Logic
>>
>>
>> _______________________________________________
>> App_rpt-users mailing list
>> App_rpt-users at ohnosec.org
>> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>>
>> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
>> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
>
>
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>
> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20151005/8ea9f8fd/attachment.html>
More information about the App_rpt-users
mailing list