[SR-Users] Security
Daniel-Constantin Mierla
miconda at gmail.com
Wed Apr 16 12:49:54 CEST 2014
Hello,
On 16/04/14 09:52, Keith wrote:
> Hi All,
>
> I am looking to apply some security on invites so I only accept from
> IP addresses in the address table or authenticated users. I have the
> address table bit working but I am struggling with the authenticated
> users bit. Wondering if anyone has done it? I was thinking of using
> the location table in some way as those users have authenticated?
>
> Any ideas would be appreciated.
you should authenticate all requests coming from non-trusted peers. The
default config file does it for the users that pretend to be local
subscribers. Just look at route[AUTH].
Relaying on location table might not be safe, you can eventually check
the source ip, but then someone can be in the same network behind the
nat and call on behalf of another phone registered from the same local
network.
Also, in sip, phones can call without being registered. Registration is
done only to be able to be called.
Cheers,
Daniel
--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
More information about the sr-users
mailing list