On Thu, Mar 13, 2014 at 8:26 AM, Pedro Niño <nino.pe...@gmail.com> wrote:
> The other (ugly) option, is to remove the auth from the phone, for the Sip > Provisioning, but that would leave and open door to a reboot attack without > auth needed from any IP. And I dont like that option. > This might not be as bad of an option as you think. If the SPA is behind a stateful firewall then that firewall should allow the NOTIFY from the registrar due to the REGISTER and NAT keep-alive packets opening the firewall, but disallow SIP from any other source. I would recommend verifying that before you deploy it though as I haven't tested it myself. Corey
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
