[Serusers] Re: Using Asterisk as mediagateway with or without

[AG Projects support]

Leon,

1. Media is normally not accepted by the gateway if is not already 
negotiated in the signalling. So nobody would be able to get in the 
middle unless they have control of the signaling which you took 
provision to protect already. So you are on the safe side unless there 
are bugs in your gateway.

2. If you use a media session controller you can enforce more checks in 
there and allow media ports at PSTN gateway originating only from that 
session controller same as you did for

Mvg,
Adrian

 >>>

Does anyone have an answer to this ? It's not really SER or Asterisk
related, but more generic about security for a mediagateway..

Regards,

Leon

On Tue, 2004-07-20 at 10:43, Leon de Rooij wrote:
 > Hi again :)
 >
 > Got one more question about using a mediagateway. Right now I've got
 > everything configured that SER relays the call to our mediagateway
 > (asterisk) when necessary. The mediagateway is also on a public IP, 
but
 > only accepting UDP port 5060 connections from the SER proxy. (We use 
RP
 > (reverse path) filtering on our routers, so the IP address cannot be
 > spoofed). Come to think of it, I can additionally also filter on MAC
 > address since both machines are in the same LAN..
 > I read that a lot of people use an RTP proxy for forwarding the RTP
 > traffic to the gateway (which in turn is in a private net).
 >
 > My question is: Is my setup less secure than using the RTP proxy ? If
 > so, why ?
 >
 > Thanks !
 >
 > Regards,
 >
 > Leon


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 3071 bytes
Desc: not available
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20040723/61c12ac9/attachment.bin>