[asterisk-dev] Summary: SIP, NAT, security concerns, oh my!
Bruce B
bruceb444 at gmail.com
Wed Nov 9 14:05:27 CST 2011
I just did an X-Lite register to Asterisk extension and first SIP invite
included extension but then Asterisk rejected and asked for authentication
to which X-Lite provided password?!
So, why is there the need to invite without providing authentication in the
first place? Why is there a two step to authentication? This really shows a
shortcoming of SIP v2.0 RFC when it comes to this type of security
implementation.
Regards,
Bruce
On Wed, Nov 9, 2011 at 10:33 AM, Terry Wilson <twilson at digium.com> wrote:
> > Method REGISTER? No known username in the From/To? => No answer.
> > Method anything else? Not from a known IP+port? => No answer.
>
> Of course, answering when we have a user and not answering when we don't
> makes it pretty easy to scan for usernames.
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20111109/20ea01fd/attachment-0001.htm>
More information about the asterisk-dev
mailing list