24 May
2005
24 May
'05
6:32 p.m.
On Tuesday 24 May 2005 10:26 am, you wrote:
Sorry, Greger, I still don't understand how would registering adds
any INVITE-security if INVITEs not authenticated. Still anyone can
send INVITE putting ip address of
my server as source of ip packet.
;-) Yes, that's is exactly what I'm saying. I was just listing the various
alternatives, not complete solutions. Basically, as a GW provider, you
decide on your level of security and how you want to implement it. Ex. ACLs
on IP addresses and always replying to source IP is one way. Authenticating
INVITEs is another. It all boils down to working with your providers to
figure out the best way to do it. (AFAIK, you are the customer when buying
PSTN minutes...)
Exactly, I'm a customer. And I actually want to authenticate for my own peace of
mind.
Now, it's in the planning stage and I'm trying to understand my options.
Thanks for your comments.
Also I
don't understand what you mean by #3. Taking ip address from
authenticated REGISTER and then doing IP auth on that?
No, using sipsak to actually do a REGISTER on behalf of your ser. No
IP auth, basically it makes your ser a registered client of the GW.
Of course, if INVITEs still must be authenticated, you are back to
the UAC module problem. g-)
Michael