[asterisk-dev] Summary: SIP, NAT, security concerns, oh my!

Bruce B bruceb444 at gmail.com
Wed Nov 9 14:05:27 CST 2011


I just did an X-Lite register to an Asterisk extension, and the first SIP invite
included the extension, but then Asterisk rejected it and asked for authentication,
to which X-Lite provided the password?!

So, why is there the need to invite without providing authentication in the
first place? Why is there a two-step authentication? This really shows a
shortcoming of the SIP v2.0 RFC when it comes to this type of security
implementation.

Regards,
Bruce

On Wed, Nov 9, 2011 at 10:33 AM, Terry Wilson <twilson at digium.com> wrote:

> > Method REGISTER? No known username in the From/To? => No answer.
> > Method anything else? Not from a known IP+port? => No answer.
>
> Of course, answering when we have a user and not answering when we don't
> makes it pretty easy to scan for usernames.
>
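
An added example, not part of the thread and not Asterisk's code: a minimal sketch of SIP digest authentication (RFC 2617 style, MD5, no qop) showing why the first request cannot carry credentials, since the client needs the server's nonce, and how a server can answer known and unknown usernames identically so that responses do not reveal which extensions exist. The realm, user table, URI and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

REALM = "asterisk"                      # constructed sample realm
USERS = {"1001": "s3cret-sample"}       # constructed extension -> password
NONCES = set()                          # nonces this server has issued


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, method, uri, nonce, realm=REALM):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def handle(method, uri, user, auth=None):
    """Server side. Returns (status, nonce); auth holds 'nonce' and 'response'."""
    if auth is not None and auth["nonce"] in NONCES:
        NONCES.discard(auth["nonce"])   # single use, so a capture cannot be replayed
        # Unknown users are checked against a random secret: same work, same answer.
        password = USERS.get(user, secrets.token_hex(16))
        expected = digest_response(user, password, method, uri, auth["nonce"])
        if hmac.compare_digest(expected, auth["response"]):
            return 200, None
    # No credentials, stale nonce, wrong password or unknown user: identical challenge.
    nonce = secrets.token_hex(16)
    NONCES.add(nonce)
    return 401, nonce


def register(user, password, uri="sip:pbx.example.invalid"):
    """Client side: the two steps seen in the trace described above."""
    # Step 1: no credentials yet, because the digest needs the server's nonce.
    _, nonce = handle("REGISTER", uri, user)
    # Step 2: repeat the request with a response bound to that nonce.
    resp = digest_response(user, password, "REGISTER", uri, nonce)
    status, _ = handle("REGISTER", uri, user, {"nonce": nonce, "response": resp})
    return status
```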

