[SR-Users] Security

Daniel-Constantin Mierla miconda at gmail.com
Wed Apr 16 12:49:54 CEST 2014


On 16/04/14 09:52, Keith wrote:
> Hi All,
> I am looking to apply some security on invites so I only accept from 
> IP addresses in the address table or authenticated users. I have the 
> address table bit working but I am struggling with the authenticated 
> users bit. Wondering if anyone has done it? I was thinking of using 
> the location table in some way as those users have authenticated?
> Any ideas would be appreciated.
you should authenticate all requests coming from non-trusted peers. The 
default config file does it for the users that pretend to be local 
subscribers. Just look at route[AUTH].

Relaying on location table might not be safe, you can eventually check 
the source ip, but then someone can be in the same network behind the 
nat and call on behalf of another phone registered from the same local 

Also, in sip, phones can call without being registered. Registration is 
done only to be able to be called.


Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

More information about the sr-users mailing list