RE: [Asterisk-Users] Anyone knows how to receive a SIP call withoutregistering gateway?

[Damon Estep]

How is this insecure? Most large business and wholesale providers use only IP authentication, relying on a session border controller to do the authentication work resulting in great scalability on the softswitch (since it does not have to act as a proxy as well).   If they know your IP, and you know their IP, the only risk is that your IP address can somehow be hijacked.   IP authentication is actually better when done with a SBC or firewall because it hides the SIP registration port from the hackers in the less than honest parts of the country/world. I do not think host= in asterisk has the same affect. It still listens and responds on 5060. If they do not know its there they can’t try to hack it.   I do agree that BOTH digest and IP authentication would be nice, but that is not the reality these days, my providers trust my IPs an I trust theirs, no need for auth as long as the routers in between remain secure. If someone hijacks my routes or theirs it is only a matter of seconds before we know it. If someone hijacks my auth credentials it may be a billing cycle or 2 before I figure it out.   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of BJ Weschke Sent: Wednesday, September 14, 2005 12:50 AM To: C. Savinovich; Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Anyone knows how to receive a SIP call withoutregistering gateway?    What they're asking you to do is quite insecure to be doing over public IP. At the very least, you should confirm that there is a static IP that these calls will be coming from and only accept calls from that IP, but that's still not quite as secure as digest authentication that would be available via registration.    If you know what IP the calls are coming from, you simply insert a host=XX.XX.XX.XX instead of host=dynamic in your sip.conf for that peer and calls should then come in as they did before without them having to register. If they are pre-pending digits on to the front of what you're interpreting as the dialed number/extension, you may choose to lop them off in extensions.conf, but aside from that this is fairly straight forward.   On 9/14/05, C. Savinovich <[EMAIL PROTECTED]> wrote:   Hello everyone, I am pulling my hair here because a carrier threw me curve early today.   They want to send calls to my asterisk server using SIP.  Then they said that their gateways don't have to register with my server, that all they have to do is send a prefix for validation.  Whereas I can think of several ways to authenticate their incoming number string, I am only used to the orthodox SIP way which is: client registers to my proxy.   Guess what, I can't find any samples on this!!, Can anyone please help?, I will probably need a sample sip.conf.   and then, to make a test call, I can use another asterisk box and try asterisk to asterisk sip calls (without register) via the cli prompt.   But I have no idea.... and I am intrigued.   Thanks   CS _______________________________________________ --Bandwidth and Colocation sponsored by Easynews.com -- Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit:    http://lists.digium.com/mailman/listinfo/asterisk-users

_______________________________________________
--Bandwidth and Colocation sponsored by Easynews.com --

Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users