PJSIP hardening

Asterisk Asterisk SIP
1

I’m upgrading from SIP to PJSIP and wondering how I can harden my configuration.

Previously, I had these settings in sip.conf and wondering if they have equivalents in PJSIP? The level of hck attacks with these settings was much lower than it currently is with my new PJSIP configuration.

  1. alwaysauthreject=yes

  2. domain = asterisk.mydomain.com

  3. allowexternaldomains = no

  4. allowguest = no

  5. deny=0.0.0.0/0.0.0.0
    permit=10.0.0.0/255.0.0.0

2

There is no option for “alwaysauthreject”. It is always on.
There is no equivalent settings functionality wise for “domain” and “allowexternaldomains”.
The “allowguest” option is always set to no unless you create an endpoint named “anonymous”.
The “deny” and “permit” options can be set at a global and endpoint basis.

4 Likes