Hi there,
I agree with Juha's arguments - in actually do not need anything special in order to protect a SIP device, if the device has proper and secure behaviour (rejecting everything that doesn't explicitly have it's address, having the possibility to set IP filters to accept only from selected sources, etc).
But I have a question: are all SIP devices able to act in that way? Look like not even the GW and not even CISCO GW do so. So, not sure how many GW plans to add this security features and when.... :(
And that's only about GW - the idea is to be able to protect whatever SIP device - media servers, billing servers, etc....which never knows how "smart are"...right?
on the other hand, is somebody seeing another applicability for this IP blacklist feature (excepting to protect inner SIP entities) ?
regards, bogdan
Klaus Darilion wrote:
Juha Heinanen wrote:
Klaus Darilion writes:
- Does this work with Cisco GWs? AFAIK not.
no, but cisco has officially admitted that it is a bug and given it a bug id.
You never know how long it takes to fix Cisco bugs (-->ENUM lookup).
Further, I'm not sure if this will also be fixed for old equipment (AS5300).
regards, klaus