On 07.10.10 10:52, Steve Davies wrote:
> Hi,
> 
<snipped>

Hello,

I just want to say something about point 4 which comes to my mind about
security.

> 
> 4) I am not sure whether it is worth dropping through and testing auth
> against other peers if there is no username match. Can auth ever
> succeed under those circumstances (password matches, but not
> username?)

If you use UDP it's very easy to fake the source IP of a call, so do you
really want to open a door to an attacker by authenticating only by IP and
password, which can match any peer with the same IP address? To
brute-force this would be much easier than to brute-force against sending
IP, right username and right password.

Have you tried to use different ports to register? I think this could help.


> Regards,
> Steve
> 
best regards

Stefan
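
The concern in this reply, modelled as an added example (not code from Asterisk or from either poster): a strict policy that requires username, source IP and digest to match one peer, next to a hypothetical fall-through policy that tests a username miss against every peer sharing the source IP. The peer table, realm, nonce and the fall-through behaviour itself are constructed assumptions.

```python
import hashlib
import hmac

def md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, secret):
    # RFC 2617 digest without qop: MD5(HA1:nonce:HA2)
    ha1 = md5(f"{user}:{REALM}:{secret}")
    ha2 = md5(f"{METHOD}:{URI}")
    return md5(f"{ha1}:{NONCE}:{ha2}")

# Constructed values: three peers registered from one address (documentation range).
REALM, NONCE, METHOD, URI = "pbx.example", "c0ffee", "INVITE", "sip:100@pbx.example"
SRC_IP = "192.0.2.10"
PEERS = {
    "alice": {"ip": SRC_IP, "secret": "secret-A"},
    "bob": {"ip": SRC_IP, "secret": "secret-B"},
    "carol": {"ip": SRC_IP, "secret": "secret-C"},
}

def auth_strict(src_ip, user, response):
    """Accept only when username, source IP and digest all match one peer."""
    peer = PEERS.get(user)
    if peer is None or peer["ip"] != src_ip:
        return None
    ok = hmac.compare_digest(digest_response(user, peer["secret"]), response)
    return user if ok else None

def auth_fallthrough(src_ip, user, response):
    """Hypothetical policy from point 4: on a username miss, test the
    credentials against every peer that shares the source IP."""
    if user in PEERS:
        return auth_strict(src_ip, user, response)
    for name, peer in PEERS.items():
        expected = digest_response(user, peer["secret"])
        if peer["ip"] == src_ip and hmac.compare_digest(expected, response):
            return name
    return None

def accepted(policy, user, guesses):
    """Map each candidate secret the policy accepts to the peer it authenticated as."""
    results = {g: policy(SRC_IP, user, digest_response(user, g)) for g in guesses}
    return {g: peer for g, peer in results.items() if peer}

if __name__ == "__main__":
    guesses = ["secret-A", "secret-B", "secret-C", "wrong"]
    print("strict, unknown user:     ", accepted(auth_strict, "nobody", guesses))
    print("fallthrough, unknown user:", accepted(auth_fallthrough, "nobody", guesses))
```

With three peers behind one address, the fall-through policy accepts any of the three secrets for an unknown username, so each guess is checked against three targets instead of one.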

-- 
asterisk-users mailing list