Just a heads up, I installed Elastix yesterday, within one hour of installation I had someone trying to access my Asterisk with Sipvicious. This box has never been used for a SIP registration, so I find it really strange that within an hour of installing Elastix someone knew to scan my IP. They were also able to register with one of my extensions, I use 8 digit extension passwords, and I know for a fact Sipvicious would not have been able to crack my password. Only someone who knew my "default" DB passwords must have accessed mysql to get the password to that extension. There are a couple forums out there that explain how to protect yourself against Sip scans. Let me know if you need help. I also recommend changing all of your default Asterisk and Mysql passwords, it was a real pain to change all the passwords, but once completed you will much safer. I wonder why Elastix doesn't give you an easy way of changing these password, like Trixbox?