Hello,
On 16/04/14 09:52, Keith wrote:
Hi All,
I am looking to apply some security on invites so I only accept from IP addresses in the address table or authenticated users. I have the address table bit working but I am struggling with the authenticated users bit. Wondering if anyone has done it? I was thinking of using the location table in some way as those users have authenticated?
Any ideas would be appreciated.
you should authenticate all requests coming from non-trusted peers. The default config file does it for the users that pretend to be local subscribers. Just look at route[AUTH].
Relaying on location table might not be safe, you can eventually check the source ip, but then someone can be in the same network behind the nat and call on behalf of another phone registered from the same local network.
Also, in sip, phones can call without being registered. Registration is done only to be able to be called.
Cheers, Daniel