On Tue, 2010-02-16 at 08:30 -0500, Scott Lawrence wrote: > On Mon, 2010-02-15 at 21:26 -0600, [email protected] wrote: > > > In asterisk, one of the main suggestions for security is to make your > > SIP user names different than your extensions. > > A pointless attempt at 'security through obscurity'. It's trivial to > get a SIP endpoint to reveal its user name.
Well, it might actually work on Asterisk, since it's a B2BUA and a caller can't talk directly to a phone. But in the real world, one does not expect these "secure" SIP user names to be assigned pseudo-randomly, so they probably aren't hard to guess. Dale _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
