16 Apr
2014
16 Apr
'14
1:49 p.m.
Hello,
On 16/04/14 09:52, Keith wrote:
Hi All,
I am looking to apply some security on invites so I only accept from
IP addresses in the address table or authenticated users. I have the
address table bit working but I am struggling with the authenticated
users bit. Wondering if anyone has done it? I was thinking of using
the location table in some way as those users have authenticated?
Any ideas would be appreciated.
you should authenticate all requests coming from
non-trusted peers. The
default config file does it for the users that pretend to be local
subscribers. Just look at route[AUTH].
Relaying on location table might not be safe, you can eventually check
the source ip, but then someone can be in the same network behind the
nat and call on behalf of another phone registered from the same local
network.
Also, in sip, phones can call without being registered. Registration is
done only to be able to be called.
Cheers,
Daniel
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda