[Serusers] Advice needed
Michael Ulitskiy
mdu113 at acedsl.com
Tue May 24 17:32:38 CEST 2005
On Tuesday 24 May 2005 10:26 am, you wrote:
> >>> Also I don't understand what you mean by #3. Taking ip address from
> >>> authenticated REGISTER and then doing IP auth on that?
> >>
> >> No, using sipsak to actually do a REGISTER on behalf of your ser. No
> >> IP auth, basically it makes your ser a registered client of the GW.
> >> Of course, if INVITEs still must be authenticated, you are back to
> >> the UAC module problem.
> >
> > Sorry, Greger, I still don't understand how would registering adds
> > any INVITE-security if INVITEs not authenticated. Still anyone can
> > send INVITE putting ip address of
> > my server as source of ip packet.
>
> ;-) Yes, that's is exactly what I'm saying. I was just listing the various
> alternatives, not complete solutions. Basically, as a GW provider, you
> decide on your level of security and how you want to implement it. Ex. ACLs
> on IP addresses and always replying to source IP is one way. Authenticating
> INVITEs is another. It all boils down to working with your providers to
> figure out the best way to do it. (AFAIK, you are the customer when buying
> PSTN minutes...)
Exactly, I'm a customer. And I actually want to authenticate for my own peace of mind.
Now, it's in the planning stage and I'm trying to understand my options.
Thanks for your comments.
> g-)
Michael
More information about the sr-users
mailing list