How is this insecure? Most large business
and wholesale providers use only IP authentication, relying on a session border
controller to do the authentication work resulting in great scalability on the
softswitch (since it does not have to act as a proxy as well).
If they know your IP, and you know their
IP, the only risk is that your IP address can somehow be hijacked.
IP authentication is actually better when
done with a SBC or firewall because it hides the SIP registration port from the
hackers in the less than honest parts of the country/world. I do not think
host= in asterisk has the same affect. It still listens and responds on 5060. If
they do not know its there they cant try to hack it.
I do agree that BOTH digest and IP authentication
would be nice, but that is not the reality these days, my providers trust my
IPs an I trust theirs, no need for auth as long as the routers in between
remain secure. If someone hijacks my routes or theirs it is only a matter of seconds
before we know it. If someone hijacks my auth credentials it may be a billing
cycle or 2 before I figure it out.
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of BJ Weschke
Sent: Wednesday, September 14,
2005 12:50 AM
To: C. Savinovich; Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [Asterisk-Users]
Anyone knows how to receive a SIP call withoutregistering gateway?
What they're asking you to do is quite insecure to be doing over
public IP. At the very least, you should confirm that there is a static IP that
these calls will be coming from and only accept calls from that IP, but that's
still not quite as secure as digest authentication that would be available via
registration.
If you know what IP the calls are coming from, you simply insert
a host=XX.XX.XX.XX instead of host=dynamic in your sip.conf for that peer and
calls should then come in as they did before without them having to register.
If they are pre-pending digits on to the front of what you're interpreting as
the dialed number/extension, you may choose to lop them off in extensions.conf,
but aside from that this is fairly straight forward.
On 9/14/05, C.
Savinovich [EMAIL PROTECTED]
wrote:
Hello everyone, I am pulling my hair here because a carrier threw
me curve early today.
They want to send calls to my asterisk server using
SIP.Then they said that their gateways don't have to register with
my server, that all they have to do is send a prefix for
validation.Whereas I can think of several ways to authenticate
their incoming number string, I am only used to the orthodox SIP way which is:
client registers to my proxy. Guess what, I can't find any samples
on this!!, Can anyone please help?, I will probably need a sample
sip.conf. and then, to make a test call, I can use another asterisk
box and try asterisk to asterisk sip calls (without register) via the cli
prompt. But I have no idea and I am intrigued.
Thanks
CS
___
--Bandwidth and Colocation sponsored by Easynews.com
--
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
___
--Bandwidth and Colocation sponsored by Easynews.com --
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
