[Asterisk-Users] Asterisk with Vonage
Luki
lugosoft at gmail.com
Fri Mar 31 20:27:02 MST 2006
> Something I've been curious about is if it is possible to stick their
> ata on a extra ethernet port on an Asterisk server and have the Asterisk
> server spoof the Vonage server. Then, do a man-in-the-middle type thing
> to use the ata for authentication, but have Asterisk handle all the calls.
That would work assuming you write a transparent enough proxy that
would forward all SIP traffic to the ATA but intercept REGISTER and
INVITE messages that contain authentication data. Not quite trivial,
but doable over a weekend. The question is, is it really worth it? The
deal you get with Vonage isn't all *that* great. You can find as
reliable termination/origination elsewhere with open credentials for
the same price (or cheaper) if you look around... assuming typical
residential usage.
> Perhaps another idea is to hammer an ata with authentication requests
> and create a long list of nonces and hashes that you replay back to the
> server as needed.
Not a good idea (all legal and ethical implications aside). Given an 8
byte hex challenge (32 bit) you would need 64 GB of space to store the
MD5 hashes for all nonces. Assuming you can attack the ATA with 100
requests a second you would need more than a year to collect all the
responses... and who says the credentials do not changed periodically
and the ATA fetches new config from Vonage?
--Luki
More information about the asterisk-users
mailing list