> Something I've been curious about is if it is possible to stick their > ata on a extra ethernet port on an Asterisk server and have the Asterisk > server spoof the Vonage server. Then, do a man-in-the-middle type thing > to use the ata for authentication, but have Asterisk handle all the calls.
That would work assuming you write a transparent enough proxy that would forward all SIP traffic to the ATA but intercept REGISTER and INVITE messages that contain authentication data. Not quite trivial, but doable over a weekend. The question is, is it really worth it? The deal you get with Vonage isn't all *that* great. You can find as reliable termination/origination elsewhere with open credentials for the same price (or cheaper) if you look around... assuming typical residential usage. > Perhaps another idea is to hammer an ata with authentication requests > and create a long list of nonces and hashes that you replay back to the > server as needed. Not a good idea (all legal and ethical implications aside). Given an 8 byte hex challenge (32 bit) you would need 64 GB of space to store the MD5 hashes for all nonces. Assuming you can attack the ATA with 100 requests a second you would need more than a year to collect all the responses... and who says the credentials do not changed periodically and the ATA fetches new config from Vonage? --Luki _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
