Re: [Serusers] Advice needed

24 May 2005

...
    As for ip auth I guess it's just not good enough.
UDP invites don't
 require any handshake it's not hard at all to spoof ip address. I
 believe sending 2 invites worth the security it actually adds. 
 Yes, but you can also do TCP. 
 Yes, it's possible if provider supports it. I'm not sure that it's
 better in terms
 of performance that sending 2 UDP INVITEs and I'd still prefer to
 authenticate,
 but it's a possibility. Thanks. 
Agree.

...
    Also I don't understand what you mean by #3.
Taking ip address from
 authenticated REGISTER and then doing IP auth on that? 
 No, using sipsak to actually do a REGISTER on behalf of your ser. No
 IP auth, basically it makes your ser a registered client of the GW.
 Of course, if INVITEs still must be authenticated, you are back to
 the UAC module problem. 
 Sorry, Greger, I still don't understand how would registering adds
 any INVITE-security if INVITEs not authenticated. Still anyone can
 send INVITE putting ip address of
 my server as source of ip packet. 
;-) Yes, that's is exactly what I'm saying. I was just listing the various 
alternatives, not complete solutions. Basically, as a GW provider, you 
decide on your level of security and how you want to implement it.  Ex. ACLs 
on IP addresses and always replying to source IP is one way. Authenticating 
INVITEs is another. It all boils down to working with your providers to 
figure out the best way to do it.  (AFAIK, you are the customer when buying 
PSTN minutes...)
g-)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [Serusers] Advice needed