[asterisk-users] pjsip: don't require authentication from remote i register to
Joshua C. Colp
jcolp at digium.com
Fri Mar 1 15:24:38 CST 2019
On Fri, Mar 1, 2019, at 5:09 PM, Brian J. Murrell wrote:
> On Fri, 2019-03-01 at 15:54 -0500, Joshua C. Colp wrote:
> >
> > That's correct. You'd either need to retrieve the line parameter from
> > the outbound registration or forge the source IP address,
>
> Can I eliminate the identify by IP address then, given that my ITSP is
> supporting the line parameter? Or make even better, require them both
> to be identified?
Identification is one or the other. You can eliminate the IP address based if you wish.
>
> > and as you stated the scope of what they can do is limited.
>
> I guess this is just a risk that everyone lives with. As a limited
> scope risk, anyway.
Yes, it even impacts phones. Depending on configuration some don't even care, so you can get rogue calls.
--
Joshua C. Colp
Digium - A Sangoma Company | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org
More information about the asterisk-users
mailing list