Re: [OpenSER-Users] Security hole in REGISTER's Contact using domain

Curve ball suggestion: Surely just authenticate all register requests with www-challenge. Hide your gateway and SER behind a firewall so your Gateway cannot be seen from the outside work (from a SIP Signalling perspective), and for PSTN calls from authenticated users do a rewritehost and forward to send the INVITEs on to the PSTN gateway? Neill....;o) -----Original Message----- From: users-bounces(a)lists.openser.org [mailto:users-bounces@lists.openser.org] On Behalf Of Juha Heinanen Sent: 14 December 2007 10:05 To: Iñaki Baz Castillo Cc: users(a)lists.openser.org Subject: Re: [OpenSER-Users] Security hole in REGISTER's Contact using domain Iñaki Baz Castillo writes: this is registrar solution. you use parmissions module and don;t accept registrations where ip address in hostpart of contact belongs to your gws. you can use lcr module to add the prefix. beginning that is correct, but the prefix does not need to be secret, just something that doesn't normally appear in userparts. why do you think it is complex? one row in register.deny and one strip at the gateway. -- juha _______________________________________________ Users mailing list Users(a)lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users