[Asterisk-Users] Anyone knows how to receive a SIP call withoutregistering gateway?

Damon Estep damon at suburbanbroadband.net
Wed Sep 14 09:50:57 MST 2005


How is this insecure? Most large business and wholesale providers use
only IP authentication, relying on a session border controller to do the
authentication work resulting in great scalability on the softswitch
(since it does not have to act as a proxy as well).

 

If they know your IP, and you know their IP, the only risk is that your
IP address can somehow be hijacked.

 

IP authentication is actually better when done with a SBC or firewall
because it hides the SIP registration port from the hackers in the less
than honest parts of the country/world. I do not think host= in asterisk
has the same affect. It still listens and responds on 5060. If they do
not know its there they can't try to hack it.

 

I do agree that BOTH digest and IP authentication would be nice, but
that is not the reality these days, my providers trust my IPs an I trust
theirs, no need for auth as long as the routers in between remain
secure. If someone hijacks my routes or theirs it is only a matter of
seconds before we know it. If someone hijacks my auth credentials it may
be a billing cycle or 2 before I figure it out.

 

________________________________

From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of BJ Weschke
Sent: Wednesday, September 14, 2005 12:50 AM
To: C. Savinovich; Asterisk Users Mailing List - Non-Commercial
Discussion
Subject: Re: [Asterisk-Users] Anyone knows how to receive a SIP call
withoutregistering gateway?

 

 What they're asking you to do is quite insecure to be doing over public
IP. At the very least, you should confirm that there is a static IP that
these calls will be coming from and only accept calls from that IP, but
that's still not quite as secure as digest authentication that would be
available via registration. 

 

 If you know what IP the calls are coming from, you simply insert a
host=XX.XX.XX.XX instead of host=dynamic in your sip.conf for that peer
and calls should then come in as they did before without them having to
register. If they are pre-pending digits on to the front of what you're
interpreting as the dialed number/extension, you may choose to lop them
off in extensions.conf, but aside from that this is fairly straight
forward.

 

On 9/14/05, C. Savinovich <c.savinovich at earthlink.net> wrote: 


  Hello everyone, I am pulling my hair here because a carrier threw me
curve early today.

  They want to send calls to my asterisk server using SIP.  Then they
said that their gateways don't have to register with my server, that all
they have to do is send a prefix for validation.  Whereas I can think of
several ways to authenticate their incoming number string, I am only
used to the orthodox SIP way which is: client registers to my proxy.
Guess what, I can't find any samples on this!!, Can anyone please help?,
I will probably need a sample sip.conf.   and then, to make a test call,
I can use another asterisk box and try asterisk to asterisk sip calls
(without register) via the cli prompt.   But I have no idea.... and I am
intrigued.

  Thanks
  CS


_______________________________________________
--Bandwidth and Colocation sponsored by Easynews.com --

Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
<http://lists.digium.com/mailman/listinfo/asterisk-users> 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20050914/40a2b259/attachment.htm


More information about the asterisk-users mailing list