Leon,
1. Media is normally not accepted by the gateway if is not already negotiated in the signalling. So nobody would be able to get in the middle unless they have control of the signaling which you took provision to protect already. So you are on the safe side unless there are bugs in your gateway.
2. If you use a media session controller you can enforce more checks in there and allow media ports at PSTN gateway originating only from that session controller same as you did for
Mvg, Adrian
Does anyone have an answer to this ? It's not really SER or Asterisk related, but more generic about security for a mediagateway..
Regards,
Leon
On Tue, 2004-07-20 at 10:43, Leon de Rooij wrote:
Hi again :)
Got one more question about using a mediagateway. Right now I've got everything configured that SER relays the call to our mediagateway (asterisk) when necessary. The mediagateway is also on a public IP,
but
only accepting UDP port 5060 connections from the SER proxy. (We use
RP
(reverse path) filtering on our routers, so the IP address cannot be spoofed). Come to think of it, I can additionally also filter on MAC address since both machines are in the same LAN.. I read that a lot of people use an RTP proxy for forwarding the RTP traffic to the gateway (which in turn is in a private net).
My question is: Is my setup less secure than using the RTP proxy ? If so, why ?
Thanks !
Regards,
Leon