I would have to agree with Calvin. Just use TCP. On August 8, 2018 1:58:47 PM EDT, Calvin Ellison <calvin.elli...@voxox.com> wrote: >Using TCP or TLS would avoid open NAT issue, and can cure some naughty >SIP >ALG issues as well, assuming you want to tolerate the overhead. > >For UDP, we've used both Digest and Source request validation with >Polycom >devices. Source validation is probably the easiest route, assuming the >UA >doesn't need to receive calls from anyone but its proxy or registrar. >Digest (nonce challenge) is better if you want to accept calls from >anyone >who knows your password, but we had an issue with a softswitch that >would >properly handle auth channel to INVITE but choked when a BYE was >challenged. > > > > >Regards, > >*Calvin Ellison* >Voice Operations Engineer >calvin.elli...@voxox.com >+1 (213) 285-0555 > >----------------------------------------------- >*voxox.com <http://www.voxox.com/> * >5825 Oberlin Drive, Suite 5 >San Diego, CA 92121 >[image: Voxox] > >On Wed, Aug 8, 2018 at 10:43 AM, Carlos Alvarez <caalva...@gmail.com> >wrote: > >> Do most of you have the phones authenticate incoming calls? We >haven't >> been, but occasionally find a router that has unfiltered full cone >NAT >> (Cisco) or that puts one phone on 5060 with no filtering by IP. The >result >> is that the phone will start ringing at random as script kiddies hit >the IP >> and port 5060 trying to find servers to exploit. I don't see a >downside to >> changing to auth, but not having done it outside of a few tests of a >small >> number of phones, I figured I would ask. >> >> >> _______________________________________________ >> VoiceOps mailing list >> VoiceOps@voiceops.org >> https://puck.nether.net/mailman/listinfo/voiceops >> >>
-- Alex -- Sent via mobile, please forgive typos and brevity. _______________________________________________ VoiceOps mailing list VoiceOps@voiceops.org https://puck.nether.net/mailman/listinfo/voiceops