On 05/02/2010 17:33, Drew Weaver wrote: > > Has anyone done any research or have any anecdotal numbers related > to how common it is to have a SIP gateway sitting out on the Internet with > no ACL or authentication? Recently we have noticed a couple of instances > where we get abuse complaints from companies who claim that one of our > hosting clients 'stole SIP service' from them. This reminds me somewhat of > the 'SMTP open relay' days. We obviously take action and shut the offending > user down but I can't help but wonder how common this practice is. Usually I > just ask the company why their system allows anyone to use their SIP gateway > and they usually say something like "We can't predict what IP our users will > come in from... etc" > > I am just wondering if anyone else has noticed this trend.
The VoiceOps mailing list (http://www.voiceops.org/) would probably have more info for you on this. Although many people are on NANOG too and may chime in. On Fri, Feb 5, 2010 at 9:50 AM, Chris Hills <c...@chaz6.com> wrote: > If you register your phone numbers in e164.arpa it is pretty useless adding > records for a sip server that requires authentication because hardly anybody > is going to be able to reach you! If the call is to Me, then I don't care about authentication. If the call is to someone else, then I require authentication. That is fairly easy to configure on every SIP platform that I have used. -Jonathan