Re: [OpenSER-Users] Security hole in REGISTER's Contact using domain

14 Dec 2007

Neill Wilkinson writes:

...
  Surely just authenticate all register requests with
www-challenge. Hide your
 gateway and SER behind a firewall so your Gateway cannot be seen from the
 outside work (from a SIP Signalling perspective), and for PSTN calls from
 authenticated users do a rewritehost and forward to send the INVITEs on to
 the PSTN gateway?

 Neill....;o) 
perhaps you didn't understand the problem.  authenticating register
requests is not enough.  you also need to check what user puts in
contact(s), since you cannot hide your gws from your proxies.

-- juha

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [OpenSER-Users] Security hole in REGISTER's Contact using domain