[Asterisk-Users] snom 190: dial tone without registration?

Shaun Dwyer shaund at wadata.com.au
Tue Jun 14 18:01:40 MST 2005


Since when does DHCP enforce an IP address?

You can configure it to always give the same IP to a particular MAC, 
however this dosn't stop a malicious user with 1/10th of a clue :D

As Gavin Hamill suggested, iptables rules would be perfect to do things 
like 'only accept traffic from this IP if it originates from this MAC'.

-Shaun


Karl Brose wrote:

>
> You should use DHCP to enforce IP address to MAC binding when the 
> phones boot.
> And then let the phones register and use host access (deny/permit) 
> permissions in peer section to restrict by IP address/mask.
>
>
> alan wrote:
>
>> Gavin Hamill <gdh at laterooms.com> wrote:
>>
>>  
>>
>>> On Monday 13 June 2005 16:42, alan wrote:
>>>
>>>   
>>>
>>>> I'm currently evaluating the Sipura SPA-841, and snom 190 phones 
>>>> for use
>>>> in an Asterisk PBX/call center environment.
>>>>     
>>>
>>
>> <snipped>
>>  enforce SIP channel IP restrictions in Asterisk without
>>  "host=<ipaddr>", or get the snom 190 to stop complaining when it's not
>>  registered
>> </snipped>
>>
>>  
>>
>>> How about tackling this with iptables and matching specific IP 
>>> addresses on
>>> specific MAC addresses?
>>>   
>>
>>
>> This solves part, but not all, of the problem.
>>
>> This ensures that only authorized devices can connect to asterisk, and
>> that their IP addresses are also correct. But it doesn't force
>> each device to use only its assigned sip channel.
>>
>> (That is: with dynamic IP registration, a valid IP/MAC could be
>> configured with another device's SIP registration information, and steal
>> calls which should be going to the other device.)
>>
>> I suppose iptables in combination with sip secrets should be enough.
>>
>> But realistically, I can already do what I want the way I want to do it,
>> with the SPA-841. I mostly need to decide: if this feature is lacking,
>> is it enough for me to prefer the Sipura over the snom?
>>
>> Thanks again,
>>
>> Alan Ferrency
>> pair Networks, Inc.
>> alan at pair.com
>>
>>
>> _______________________________________________
>> Asterisk-Users mailing list
>> Asterisk-Users at lists.digium.com
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>  
>>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
>




More information about the asterisk-users mailing list