<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1226" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>another one, </FONT></DIV>
<DIV><FONT face=Arial size=2>i think we ought to increase the security of the
sip acl, authentication is fine using digest but there are "broken"
sip endpoints which couldn't really support the digest authentication or
endpoints which are really static, (using static registration would lessen
overhead).</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>my point is, when you put defaultip=x.x.x.x in
sip.conf, changing ip addresses would enable me to attack * by flooding invites.
* permits calls even though the defaultip tag in sip.conf does not match the
caller's ip address. usually, like ser or vocal, it 'may' challenge the invites
it receives so that if it is not properly authenticated, it will be rejected and
not proxied. in this case, if we set the defaultip, i think * should only allow
sip message to and from the provisioned user. </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>another note, can we like have an entry in sip.conf
that will enable you to provision a high density fxs box, let's say 24 ports in
just 1 entry? for example:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>[1300-1323] </FONT></DIV>
<DIV><FONT face=Arial size=2>type=friend</FONT></DIV>
<DIV><FONT face=Arial size=2>defaultip=x.x.x.x</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>this will yield a much more simpler configuration,
besides all those extensions use just 1 ip address. ata 186 will also benefit
from this configuration...</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>