[SR-Users] help with SIP Notify message, to make a endpoint (SPA504G and similar) to reboot.
Pedro Niño
nino.pedro at gmail.com
Thu Mar 13 23:55:56 CET 2014
Indeed, of course that way works, but I am pretty sure that Kamailio can
intercept and give the right response.
Right now what would be needed is to make a complete SIP Notify with the
according digest, using the password picked from the database, and send it
back. The answer would be a 200 'OK' .
Will keep trying, don't like to leave that back door open at the phones...
On Thu, Mar 13, 2014 at 8:26 AM, Pedro Niño <nino.pedro at gmail.com> wrote:
> The other (ugly) option, is to remove the auth from the phone, for the Sip
> Provisioning, but that would leave and open door to a reboot attack without
> auth needed from any IP. And I dont like that option.
>
This might not be as bad of an option as you think. If the SPA is behind a
stateful firewall then that firewall should allow the NOTIFY from the
registrar due to the REGISTER and NAT keep-alive packets opening the
firewall, but disallow SIP from any other source. I would recommend
verifying that before you deploy it though as I haven't tested it myself.
Corey
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users at lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140313/443e25be/attachment.html>
More information about the sr-users
mailing list