I know about the security risks. But I go the following way:

* runs in a VMware on an FC3 host machine. I copy the VMware image every 4 days. The only risk here are the mailboxes. Anyway. On the interface of the host runs a NIDS. Aide runs on the asterisk server and several other tools (rkhunter for example).

* itself runs at a uid over 1000. No other apps here.

But you are right. I guess kick the ISA.

Thx
andreas

-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Wolfgang S. Rupprecht
Sent: Tuesday, 5 July 2005 20:24
To: fedora-list@xxxxxxxxxx
Subject: Re: Asterisk on FC3

Andreas Wahlert <andreas.wahlert@xxxxxx> writes:
> Has anybody running this configuration or should I kick the ISA??

Since you asked, yes. ;-)

I do have an asterisk here and it does need some UDP ports open for incoming traffic. Simplest is just to open these ports in iptables (or whatever) to allow outside packets to hit these local ports.

    53/udp                    (if running a local named)
    5004/udp                  RTP official port number (if using sip phones)
    5060/udp                  SIP
    4569/udp                  IAX2
    10000/udp - 10100/udp     RTP as used by asterisk

Now the word of warning -- asterisk isn't the most defensively written program. The stock config runs as root without a chroot and has plenty of system() calls. It is a program that pretty much dares the kiddies to find a buffer overflow and get rewarded with a root shell.

-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
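
The port list from the quoted reply turned into iptables rules, as an added example that is not part of either poster's message. The function names, the INPUT chain and the 192.0.2.0/24 source network are assumptions of this example; the rules are only printed in iptables-restore syntax, never applied.

```shell
#!/bin/sh
# Added example: print (never apply) ACCEPT rules for the UDP ports named in
# the thread. Function names, chain and source network are hypothetical.

# Ports exactly as listed in the reply; "lo:hi" is iptables range syntax.
ASTERISK_UDP_PORTS="53 5004 5060 4569 10000:10100"

# valid_port_spec SPEC
# Succeeds only for PORT or LO:HI with 1 <= LO <= HI <= 65535.
valid_port_spec() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo=${1%%:*}
    hi=${1##*:}
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# asterisk_rules CHAIN [SOURCE_CIDR]
# Emits one "-A" line per port spec. SOURCE_CIDR is optional and narrows who
# may reach the ports (an assumption added here, e.g. a SIP provider's range).
asterisk_rules() {
    chain=$1
    src=${2:-}
    for spec in $ASTERISK_UDP_PORTS; do
        if ! valid_port_spec "$spec"; then
            echo "bad port spec: $spec" >&2
            return 1
        fi
        line="-A $chain -p udp"
        if [ -n "$src" ]; then
            line="$line -s $src"
        fi
        printf '%s\n' "$line -m udp --dport $spec -j ACCEPT"
    done
}

# Constructed sample call: INPUT chain, documentation network as the source.
asterisk_rules INPUT 192.0.2.0/24
```

Review the printed lines before merging them into the host's saved ruleset.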