[VoiceOps] Phone auth for incoming calls?
Carlos Alvarez
caalvarez at gmail.com
Wed Aug 8 14:07:50 EDT 2018
That's a change I've never investigated. Or more precisely, haven't
investigated since the days when the advice for doing it was "good luck!!"
On Wed, Aug 8, 2018 at 11:00 AM Alex Balashov <abalashov at evaristesys.com>
wrote:
> I would have to agree with Calvin. Just use TCP.
>
> On August 8, 2018 1:58:47 PM EDT, Calvin Ellison <calvin.ellison at voxox.com>
> wrote:
> >Using TCP or TLS would avoid open NAT issue, and can cure some naughty
> >SIP
> >ALG issues as well, assuming you want to tolerate the overhead.
> >
> >For UDP, we've used both Digest and Source request validation with
> >Polycom
> >devices. Source validation is probably the easiest route, assuming the
> >UA
> >doesn't need to receive calls from anyone but its proxy or registrar.
> >Digest (nonce challenge) is better if you want to accept calls from
> >anyone
> >who knows your password, but we had an issue with a softswitch that
> >would
> >properly handle auth channel to INVITE but choked when a BYE was
> >challenged.
> >
> >
> >
> >
> >Regards,
> >
> >*Calvin Ellison*
> >Voice Operations Engineer
> >calvin.ellison at voxox.com
> >+1 (213) 285-0555
> >
> >-----------------------------------------------
> >*voxox.com <http://www.voxox.com/> *
> >5825 Oberlin Drive, Suite 5
> >San Diego, CA 92121
> >[image: Voxox]
> >
> >On Wed, Aug 8, 2018 at 10:43 AM, Carlos Alvarez <caalvarez at gmail.com>
> >wrote:
> >
> >> Do most of you have the phones authenticate incoming calls? We
> >haven't
> >> been, but occasionally find a router that has unfiltered full cone
> >NAT
> >> (Cisco) or that puts one phone on 5060 with no filtering by IP. The
> >result
> >> is that the phone will start ringing at random as script kiddies hit
> >the IP
> >> and port 5060 trying to find servers to exploit. I don't see a
> >downside to
> >> changing to auth, but not having done it outside of a few tests of a
> >small
> >> number of phones, I figured I would ask.
> >>
> >>
> >> _______________________________________________
> >> VoiceOps mailing list
> >> VoiceOps at voiceops.org
> >> https://puck.nether.net/mailman/listinfo/voiceops
> >>
> >>
>
>
> -- Alex
>
> --
> Sent via mobile, please forgive typos and brevity.
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20180808/a633107e/attachment.html>
More information about the VoiceOps
mailing list