On 02/28/2011 07:27 AM, Rizwan Hisham wrote:
Any suggestions on encrypting the sip and rtp. I have done some googling on it. looks like it is not supported by most end point devices or service providers. But still your thoughts will be appreciated on this subject.
You cannot protect a remote SIP endpoint from attacks via your server; that SIP endpoint is an endpoint itself, and if it can receive IP packets from attackers, it will process them. These packets don't go through your server, and encrypting the legitimate traffic between your server and the remote endpoint isn't going to make any difference at all.
The *only* way to address attacks like this is to modify the configuration of the remote endpoint to ignore all incoming packets that aren't from your server(s). Even that is not a perfect solution, though, because the attacker (if they are actually aware of your server and customers) can spoof the IP addresses of your server(s) in order to get the remote endpoints to at least accept an INVITE (they can't place a successful call through them using spoofing though).
-- Kevin P. Fleming Digium, Inc. | Director of Software Technologies 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA skype: kpfleming | jabber: [email protected] Check us out at www.digium.com & www.asterisk.org -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
