On 05/02/2010 17:33, Drew Weaver wrote:
Has anyone done any research or have any anecdotal numbers related
to how common it is to have a SIP gateway sitting out on the Internet with
no ACL or authentication? Recently we have noticed a couple of instances
where we get abuse complaints from companies who claim that one of our
hosting clients 'stole SIP service' from them. This reminds me somewhat of
the 'SMTP open relay' days. We obviously take action and shut the offending
user down but I can't help but wonder how common this practice is. Usually I
just ask the company why their system allows anyone to use their SIP gateway
and they usually say something like We can't predict what IP our users will
come in from... etc
I am just wondering if anyone else has noticed this trend.
The VoiceOps mailing list (http://www.voiceops.org/) would probably
have more info for you on this. Although many people are on NANOG too
and may chime in.
On Fri, Feb 5, 2010 at 9:50 AM, Chris Hills c...@chaz6.com wrote:
If you register your phone numbers in e164.arpa it is pretty useless adding
records for a sip server that requires authentication because hardly anybody
is going to be able to reach you!
If the call is to Me, then I don't care about authentication. If the
call is to someone else, then I require authentication. That is
fairly easy to configure on every SIP platform that I have used.
-Jonathan
