On 11-07-23 11:48 AM, Patrick Lists wrote:
> On 07/23/2011 04:00 PM, Paul Belanger wrote:
>> A UAS rejecting an offer contained in an INVITE SHOULD return a 488
>> (Not Acceptable Here) response. Such a response SHOULD include a
>> Warning header field value explaining why the offer was rejected.
>
> If the choice is to get hacked/DDOS'ed/etc or compliance with an RFC
> created by people who had no appreciation for the rather ugly world out
> there then why not throw the RFC out of the window and *not* reject an
> invite with a 488? It sounds like an interesting option to add to
> "10"/trunk. Better secure than compliant & sorry. Why not do a little
> Microsoft Embrace & Extend? Like e.g. Sonus and Cisco do with their
> interpretation of SIP.

Personally, I don't see this as a solution. SIP already provides some ability to help with security (EG: TLS, SRTP); however, that is basically the extent of it.

The way I see it, it is outside the scope of SIP; it's a signaling protocol. If 'security' is really something you want to establish, many existing tools are available to handle this (EG: VPN, firewalls, encryption, etc).

As previously mentioned, there is no easy, simple solution. Securing one's services takes work (and time) to do it right. Most people don't want to spend the effort monitoring it.

--
Paul Belanger
Digium, Inc. | Software Developer
twitter: pabelanger | IRC: pabelanger (Freenode)
Check us out at: http://digium.com & http://asterisk.org

asterisk-users mailing list