You can achieve this by front ending asterisk with a *SER proxy server and handling the REGISTER there. But doing this is asking for trouble. If the first REGISTER over UDP is authenticated and for a second one only the source IP/port is checked, then an attacker could easily spoof the IP/port and hijack incoming calls to the registered account (by providing it's own location in the REGISTER's Contact header). Or it can simply unregister the account (by setting expires=0 in REGISTER's Contact header).
-ovidiu On Wed, Feb 13, 2013 at 10:46 AM, Liviu Toma <[email protected]> wrote: > Hi, > > I was wondering if the following feature can be enabled somehow in Asterisk. > Normally when an ATA/IP Phone registers with the server, it sends > first a register request which contains only the username and no > password. The server rejects it but sends a nonce. Then the ATA sends > another registration, this time with a password encrypted with the > nonce sent by the server. This time the registration is accepted. > This is all fine for the fist registration. What I am wondering is if > it's possible for any subsequent registrations to be accepted from the > first attempt (without password) as long as they come from the same IP > address/port as the previous registration for the same peer. > > Thanks, > Liviu Toma --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
