Hi,

Again, you can force route all calls through the proxy so that calls will always be routed through the proxy. That way, session hijacking can be avoided.

In addition to this, I wanted to clarify whether the use of a proxy prevents another user from calling your UA without registering to the proxy, e.g. using IP dialing... How can this be avoided?
I am peculiarly concerned because this is like some malicious user using your infrastructure for his own purpose.

I believe SIP in its core cannot do this!!

Regards,
Vineet Menon

On 11 January 2012 19:41, Kevin P. Fleming <[email protected]> wrote:
> On 01/11/2012 07:11 AM, Sandro wrote:
> > Hello all.
> >
> > I have a theoretical question about call admitting and security.
> >
> > Let's say we have two clients A&B (phones or softphones) and a
> > proxy/registrar.
> > Clients register themselves on the registrar with authentication (http
> > digest).
> > This is, I think, the most normal scenario.
> >
> > Proxy authenticates incoming (from the clients) calls, this means invite
> > messages, with the same registrar credentials, and this gives it a certain
> > degree of security.
> >
> > What happens for clients?
> > I mean, how can a client "authorize/authenticate" a call coming from the
> > proxy and become sure it is *really* coming from its proxy?
> >
> > Let's say for example that a "C" malicious client/proxy is sending INVITEs
> > to A.
> > How can A recognize that these INVITEs are not related to the REGISTER
> > "session" to the proxy?
>
> There is no perfect method to do this, but one very common method is for
> the UA that REGISTERs to include a randomly-generated token in the
> Contact URI that it supplies to the registrar; incoming INVITEs
> generated by UAs that obtained the Contact URI from that registrar will
> then include that token, and the receiving UA can 'trust' that the
> INVITE was generated by a UA that was authorized by the registrar to do so.
>
> This can easily be sniffed by a third party if the SIP signaling is not
> secured, of course.
>
> --
> Kevin P. Fleming
> Digium, Inc. | Director of Software Technologies
> Jabber: [email protected] | SIP: [email protected] | Skype: kpfleming
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> Check us out at www.digium.com & www.asterisk.org
> _______________________________________________
> Sip-implementors mailing list
> [email protected]
> https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
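
The Contact-URI token check described in the quoted reply, sketched from the receiving UA's side as an added example that is not part of the thread or any participant's code. The `reg-token` parameter name and the sample addresses are assumptions; the IP-dialed INVITE case from the question above is included to show that it is rejected because it never obtained the registered Contact.

```python
import hmac
import secrets

TOKEN_PARAM = "reg-token"  # hypothetical URI parameter name, not a standard one


def make_contact(user, host, port=5060):
    """Return (token, Contact URI) for a REGISTER; the token is fresh per registration."""
    token = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
    return token, f"sip:{user}@{host}:{port};{TOKEN_PARAM}={token}"


def request_uri_params(raw_request):
    """Parse the request line; return (method, URI parameters of the Request-URI)."""
    request_line = raw_request.split("\r\n", 1)[0]
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[2] != "SIP/2.0":
        raise ValueError("malformed request line")
    method, uri = parts[0], parts[1].split("?", 1)[0]  # drop URI headers, if any
    params = {}
    for item in uri.split(";")[1:]:  # everything after the first ';' is a URI parameter
        name, _, value = item.partition("=")
        params[name.lower()] = value
    return method, params


def admit_invite(raw_request, expected_token):
    """Accept an INVITE only if its Request-URI carries the token we registered."""
    try:
        method, params = request_uri_params(raw_request)
    except ValueError:
        return False
    if method != "INVITE":
        return False
    presented = params.get(TOKEN_PARAM, "")
    # Constant-time comparison so response timing does not leak token prefixes.
    return hmac.compare_digest(presented.encode(), expected_token.encode())


# Constructed sample messages (addresses are from documentation ranges).
TOKEN, CONTACT = make_contact("alice", "192.0.2.10")
VIA_PROXY = f"INVITE {CONTACT} SIP/2.0\r\nVia: SIP/2.0/UDP proxy.example.com\r\n\r\n"
IP_DIALED = "INVITE sip:alice@192.0.2.10:5060 SIP/2.0\r\nVia: SIP/2.0/UDP 198.51.100.7\r\n\r\n"
GUESSED = f"INVITE sip:alice@192.0.2.10:5060;{TOKEN_PARAM}={'0' * 32} SIP/2.0\r\n\r\n"

if __name__ == "__main__":
    for name, msg in [("via proxy", VIA_PROXY), ("IP dialed", IP_DIALED), ("guessed", GUESSED)]:
        print(name, "->", "accept" if admit_invite(msg, TOKEN) else "reject")
```

As the quoted reply points out, the token is only as secret as the signaling path: over unsecured SIP a third party on the path can read it from the REGISTER or from a forwarded INVITE.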
