[asterisk-dev] Summary: SIP, NAT, security concerns, oh my!
bruceb444 at gmail.com
Wed Nov 9 14:05:27 CST 2011
I just did an X-Lite register to Asterisk extension and first SIP invite
included extension but then Asterisk rejected and asked for authentication
to which X-Lite provided password?!
So, why is there the need to invite without providing authentication in the
first place? Why is there a two step to authentication? This really shows a
shortcoming of SIP v2.0 RFC when it comes to this type of security
On Wed, Nov 9, 2011 at 10:33 AM, Terry Wilson <twilson at digium.com> wrote:
> > Method REGISTER? No known username in the From/To? => No answer.
> > Method anything else? Not from a known IP+port? => No answer.
> Of course, answering when we have a user and not answering when we don't
> makes it pretty easy to scan for usernames.
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the asterisk-dev