[VoiceOps] Preventing random SIP connections to handsets

Matthew Crocker matthew at corp.crocker.com
Fri Nov 20 15:29:55 EST 2015 

There is a setting in the Polycom config so it will only accept INVITES from the IP it has registered to.     You can also configure it to authenticate all INVITES.

To match to IP address of the registered line
voIpProt.SIP.requestValidation.x.method=“source"
voIpProt.SIP.requestValidation.x.request=“INVITE”

To require authentication of the registered line.
voIpProt.SIP.requestValidation.x.method=“digest"
voIpProt.SIP.requestValidation.x.request=“INVITE”


—

Matthew Crocker
President - Crocker Communications, Inc.
Managing Partner - Crocker Telecommunications, LLC
E: matthew at corp.crocker.com
E: matthew at crocker.com


> On Nov 20, 2015, at 3:19 PM, Alex Balashov <abalashov at evaristesys.com> wrote:
> 
> I was getting ghost ringing into my Polycom because my router sensibly remaps phone:5060 to WAN_IP:5060. My solution was to switch to SIP TCP.
> 
> On 11/20/2015 03:14 PM, Carlos Alvarez wrote:
> 
>> We're starting to see customers who get random arbitrary ringing caused
>> by a random connection attempt from the internet.  Most of our customers
>> have Cisco routers with full-cone NAT, so it's easy to do that.  We
>> don't reinvite handsets, we proxy the media, so we've considered using
>> restricted NAT instead.  If we can figure out how, we can't find any
>> documentation on how to do it, and don't have a response to our Cisco
>> TAC case on it yet.
>> 
>> But I figured I'd ask if others have come up with better solutions.  I
>> know there are a few authentication options in the phones themselves,
>> but they seem to vary greatly by vendor and even by model.  I like to do
>> things as simply and system-wide as possible.  We primarily sell
>> Grandstream, and we support Cisco/Linksys SPA as well as Polycom IP
>> series (not VVX).
>> 
>> We're an Asterisk-based hosted service provider.
>> 
>> 
>> 
>> _______________________________________________
>> VoiceOps mailing list
>> VoiceOps at voiceops.org
>> https://puck.nether.net/mailman/listinfo/voiceops
>> 
> 
> 
> -- 
> Alex Balashov | Principal | Evariste Systems LLC
> 303 Perimeter Center North, Suite 300
> Atlanta, GA 30346
> United States
> 
> Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>

More information about the VoiceOps mailing list