Unauthenticated calls can be made via the Asterisk SIP channel driver using an invalid From header. This acts similarly to the SIP configuration option 'allowguest=yes', in that calls with a specially crafted From header would be sent to the PBX in the context specified in the general section of sip.conf.

http://www.securiteam.com/unixfocus/5QP0H2KNPI.html