Does FreePBX authenticate incoming calls in any way?
Theoretically if I have the DID blank for an incoming route (meaning any DID) could someone send calls to my box if they pointed one of their own DID’s to route to the IP of my FreePBX/Asterisk box?
And if I have an on hold queue, they could theoretically use up more channels then I have g.729 licenses for, and do some what of DoS on my box.
You can either allow anonymous SIP calls or not. If you have concerns, the best thing to do is firewall SIP ports and only poke holes for IPs of known authorized users. I realize this isn’t always possible.
Asterisk will authenticate or not authenticate incoming calls; it is your choice. If you set up a guest IAX trunk, you can receive un-authenticated IAX calls. If you allow anonymous SIP, you can receive un-authenticated SIP calls. Setting an any/any route in inbound routes has nothing to do with authentication of trunks.
The inbound route, any/any, will allow someone to send any DID to your IP, or Zap channel and you box will receive the call and route the call according to where you selected it to go in the Any/Any route.
I have several DID’s listed in inbound routes, but I have no any/any route. I allow anonymous SIP and I have a guest IAX trunk. You can get to my box anonymously, but you need to know one of my DID’s to get in.
Joe Roper has a good way to handle the Any/Any route. He sets it to hangup. If you don’t have an any/any route, when someone hits it, they will get a message from Allison stating the number is unavailable … A trained ear would then know it is an Asterisk Box and could proceed with their attack, if that is their goal. Having the Any/Any route set to hangup doesn’t give the caller any indication of what type of phone server you have.
I hope this helps explain the difference.