5 Mar
2019
5 Mar
'19
9:06 a.m.
if kamailio doe snot use TLS all the mechanish in atuh module are send the
pasword nude to the network?
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
5 Mar
5 Mar
10:06 a.m.
Hi,
auth module implement digest authentication (rfc2617) so passwords are not
sent in clear from the client to kamailio.
Federico
On Tue, Mar 5, 2019 at 7:07 AM PICCORO McKAY Lenz <mckaygerhard(a)gmail.com>
wrote:
if kamailio doe snot use TLS all the mechanish in atuh
module are send the
pasword nude to the network?
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
3:10 p.m.
thanks for aswer Federico, another, if the communication beetween asterisk
and kamailio are using public ip, that password are easyl hackaeable?
i read rfc2617 but does are not clear respect security and seems SIP is not
an easy protocol to secure due relationship beetween both are trusted or
something similar?
El mar., 5 de mar. de 2019 a la(s) 03:08, Federico Cabiddu (
federico.cabiddu(a)gmail.com) escribió:
Hi,
auth module implement digest authentication (rfc2617) so passwords are not
sent in clear from the client to kamailio.
Federico
On Tue, Mar 5, 2019 at 7:07 AM PICCORO McKAY Lenz <mckaygerhard(a)gmail.com>
wrote:
if kamailio doe snot use TLS all the mechanish in
atuh module are send
the pasword nude to the network?
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
4:32 p.m.
On Tue, Mar 5, 2019 at 1:12 PM PICCORO McKAY Lenz <mckaygerhard(a)gmail.com>
wrote:
thanks for aswer Federico, another, if the
communication beetween asterisk
and kamailio are using public ip, that password are easyl hackaeable?
yes, they are hackable, exactly like HTTP passwords. Easily, that depends
who the hackers are.
Actually, the method used for password exchange is exactly the same as in
http (nonce + md5).
If you use long enough passwords, is probably almost ok, if you can cope
with the breach that can happen (eg: limit the expenses toward your ITSP
gateway, with a cap, or prepaid).
If you are thinking about privacy, then password are completely useless
with "normal" SIP: both signaling (who you call) and media (the sound of
the conversation) are in clear, and can be listened by anyone (no password
needed).
For real security (and privacy, etc) go for TLS and SRTP (ZRTP being the
uber good).
-giovanni
i read rfc2617 but does are not clear respect security and seems SIP is
not an easy protocol to secure due relationship beetween both are trusted
or something similar?
El mar., 5 de mar. de 2019 a la(s) 03:08, Federico Cabiddu (
federico.cabiddu(a)gmail.com) escribió:
--
Sincerely,
Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18
Hi,
auth module implement digest authentication (rfc2617) so passwords are
not sent in clear from the client to kamailio.
Federico
On Tue, Mar 5, 2019 at 7:07 AM PICCORO McKAY Lenz <mckaygerhard(a)gmail.com>
wrote:
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
if kamailio doe snot use TLS all the mechanish in
atuh module are send
the pasword nude to the network?
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
5:41 p.m.
El mar., 5 de mar. de 2019 a la(s) 09:33, Giovanni Maruzzelli (........@
gmail.com) escribió:
On Tue, Mar 5, 2019 at 1:12 PM PICCORO McKAY Lenz
<mckaygerhard(a)gmail.com>
wrote:
umm like that so then sound and any other stream beetween two right?
thanks for aswer Federico, another, if the
communication beetween
asterisk and kamailio are using public ip, that password are easyl
hackaeable?
yes, they are hackable, exactly like HTTP passwords. Easily, that depends
who the hackers are.
For real security (and privacy, etc) go for TLS and
SRTP (ZRTP being the
uber good).
TLS implementation are knowed, but some documentations and ruting examples
for SRTP case?
very very thanks Giovanni Maruzzelli
-giovanni
i read rfc2617 but does are not clear respect security and seems SIP is
not an easy protocol to secure due relationship beetween both are trusted
or something similar?
El mar., 5 de mar. de 2019 a la(s) 03:08, Federico Cabiddu (
federico.cabiddu(a)gmail.com) escribió:
--
Sincerely,
Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hi,
auth module implement digest authentication (rfc2617) so passwords are
not sent in clear from the client to kamailio.
Federico
On Tue, Mar 5, 2019 at 7:07 AM PICCORO McKAY Lenz <
mckaygerhard(a)gmail.com> wrote:
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
if kamailio doe snot use TLS all the mechanish in
atuh module are send
the pasword nude to the network?
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
2089
days inactive
2089
days old
4 comments
3 participants
participants (3)
-
Federico Cabiddu -
Giovanni Maruzzelli -
PICCORO McKAY Lenz