[asterisk-users] pjsip: don't require authentication from remote i register to

Joshua C. Colp jcolp at digium.com
Fri Mar 1 15:24:38 CST 2019

On Fri, Mar 1, 2019, at 5:09 PM, Brian J. Murrell wrote:
> On Fri, 2019-03-01 at 15:54 -0500, Joshua C. Colp wrote:
> > 
> > That's correct. You'd either need to retrieve the line parameter from
> > the outbound registration or forge the source IP address,
> Can I eliminate the identify by IP address then, given that my ITSP is
> supporting the line parameter? Or make even better, require them both
> to be identified?

Identification is one or the other. You can eliminate the IP address based if you wish.

> > and as you stated the scope of what they can do is limited.
> I guess this is just a risk that everyone lives with. As a limited
> scope risk, anyway.

Yes, it even impacts phones. Depending on configuration some don't even care, so you can get rogue calls.

Joshua C. Colp
Digium - A Sangoma Company | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
Check us out at: www.digium.com & www.asterisk.org

More information about the asterisk-users mailing list