23 Jul
2004
23 Jul
'04
12:32 p.m.
Leon,
1. Media is normally not accepted by the gateway if is not already
negotiated in the signalling. So nobody would be able to get in the
middle unless they have control of the signaling which you took
provision to protect already. So you are on the safe side unless there
are bugs in your gateway.
2. If you use a media session controller you can enforce more checks in
there and allow media ports at PSTN gateway originating only from that
session controller same as you did for
Mvg,
Adrian
>>
Does anyone have an answer to this ? It's not really SER or Asterisk
related, but more generic about security for a mediagateway..
Regards,
Leon
On Tue, 2004-07-20 at 10:43, Leon de Rooij wrote:
Hi again :)
Got one more question about using a mediagateway. Right now I've got
everything configured that SER relays the call to our mediagateway
(asterisk) when necessary. The mediagateway is also on a public IP,
but
only accepting UDP port 5060 connections from the SER
proxy. (We use
RP
(reverse path) filtering on our routers, so the IP
address cannot be
spoofed). Come to think of it, I can additionally also filter on MAC
address since both machines are in the same LAN..
I read that a lot of people use an RTP proxy for forwarding the RTP
traffic to the gateway (which in turn is in a private net).
My question is: Is my setup less secure than using the RTP proxy ? If
so, why ?
Thanks !
Regards,
Leon