Thanks Mr. Kevin. Can anyone please also tell me which firewall is best suited for asterisk/sip attack prevention. Is there any firewall built specially to address sip security problems?
On Mon, Feb 28, 2011 at 6:38 PM, Kevin P. Fleming <[email protected]>wrote: > On 02/28/2011 07:27 AM, Rizwan Hisham wrote: > >> Any suggestions on encrypting the sip and rtp. I have done some googling >> on it. looks like it is not supported by most end point devices or >> service providers. But still your thoughts will be appreciated on this >> subject. >> > > You cannot protect a remote SIP endpoint from attacks via your server; that > SIP endpoint is an endpoint itself, and if it can receive IP packets from > attackers, it will process them. These packets don't go through your server, > and encrypting the legitimate traffic between your server and the remote > endpoint isn't going to make any difference at all. > > The *only* way to address attacks like this is to modify the configuration > of the remote endpoint to ignore all incoming packets that aren't from your > server(s). Even that is not a perfect solution, though, because the attacker > (if they are actually aware of your server and customers) can spoof the IP > addresses of your server(s) in order to get the remote endpoints to at least > accept an INVITE (they can't place a successful call through them using > spoofing though). > > -- > Kevin P. Fleming > Digium, Inc. | Director of Software Technologies > 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA > skype: kpfleming | jabber: [email protected] > Check us out at www.digium.com & www.asterisk.org > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- Best Ragards Rizwan Qureshi VoIP/Asterisk Engineer Axvoice Inc. V: +92 (0) 3333 6767 26 E: [email protected] W: www.axvoice.com
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
