[asterisk-users] Anonymous SIP calls
James Cloos
cloos at jhcloos.com
Sat Mar 28 10:17:57 CDT 2015
Some of us do allow sip from the internet, but just like for smtp email
protections are in order.
I point my SRV records at dedicated sip proxies (I use kamailio) which
check the INVITEd sip uri the same way my MXs check the SMTP Evelope-To
addresses, and only allow INVITEs through to authorized destinations.
And when those INVITEs make it to asterisk/freeswitch or the like, the
dialplan is generally not direct to phone(s), but via an IVR.
As an example, calling my email address via sip goes to an Asterisk
FollowMe instance.
I also provide my clients with dedicated sip addresses which avoid the
protections.
But the vast majority of the INVITEs coming to my public sip proxies are
fraud attempts. My primary sip proxy has blocked over 32k fraudulent
INVITEs over the last six months. And about one OPTIONS sip:100 at ... per
hour by something calling itself "friendly-scanner".
Then again, the number of invalid sip INVITEs per public sip destination
are fewer than the number of spam/virus type SMTP attempts per unit time.
And all of the telemarking fraud I have had to deal with have come via
pstn dids, not via direct sip.
A half-gig virtual works fine for such a sip proxy.
You may also want to look into getting an ISN number, check out
http://freenum.org/ for the details.
-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
More information about the asterisk-users
mailing list