Some of us do allow sip from the internet, but just like for smtp email protections are in order.
I point my SRV records at dedicated sip proxies (I use kamailio) which check the INVITEd sip uri the same way my MXs check the SMTP Evelope-To addresses, and only allow INVITEs through to authorized destinations. And when those INVITEs make it to asterisk/freeswitch or the like, the dialplan is generally not direct to phone(s), but via an IVR. As an example, calling my email address via sip goes to an Asterisk FollowMe instance. I also provide my clients with dedicated sip addresses which avoid the protections. But the vast majority of the INVITEs coming to my public sip proxies are fraud attempts. My primary sip proxy has blocked over 32k fraudulent INVITEs over the last six months. And about one OPTIONS sip:100@... per hour by something calling itself "friendly-scanner". Then again, the number of invalid sip INVITEs per public sip destination are fewer than the number of spam/virus type SMTP attempts per unit time. And all of the telemarking fraud I have had to deal with have come via pstn dids, not via direct sip. A half-gig virtual works fine for such a sip proxy. You may also want to look into getting an ISN number, check out http://freenum.org/ for the details. -JimC -- James Cloos <cl...@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
