I noticed Scott's comments about the fact that we should not use IP address/port as an authenticator: http://list.sipfoundry.org/archive/sipx-dev/msg13439.html. With that in the past the best way I can think of to police PSTN calls via gateways would be to use IP address/port-based ACLs on the gateway to restrict calls to only those coming from (and authenticated/authorized by) sipXproxy. This ensures gateway calls can not be made by pointing a SIP endpoint directly to the gateway.
sipXbridge is a new stand alone proxy server application, which is a gate for outgoing calls via ITSPs. I am wondering what can be done or is being considered as a solution to prevent people from sending calls directly to sipXbridge and bypassing the sipXproxy. Alternatively, are there mechanisms implemented in sipXbridge to reject calls from anywhere but the sipXproxy. I suppose logic that would use signed sipX-identity can be used to implement such a mechanism. Thanks, Mark. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
