[122099] in North American Network Operators' Group
Re: How common are wide open SIP gateways?
daemon@ATHENA.MIT.EDU (Jonathan Thurman)
Fri Feb 5 13:09:28 2010
In-Reply-To: <hkhloo$q5k$1@ger.gmane.org>
Date: Fri, 5 Feb 2010 10:08:53 -0800
From: Jonathan Thurman <jonathan@thurmantech.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 05/02/2010 17:33, Drew Weaver wrote:
>
> =A0 =A0 =A0 =A0Has anyone done any research or have any anecdotal numbers=
related
> to how common it is to have a SIP gateway sitting out on the Internet wit=
h
> no ACL or authentication? Recently we have noticed a couple of instances
> where we get abuse complaints from companies who claim that one of our
> hosting clients 'stole SIP service' from them. This reminds me somewhat o=
f
> the 'SMTP open relay' days. We obviously take action and shut the offendi=
ng
> user down but I can't help but wonder how common this practice is. Usuall=
y I
> just ask the company why their system allows anyone to use their SIP gate=
way
> and they usually say something like "We can't predict what IP our users w=
ill
> come in from... etc"
>
> I am just wondering if anyone else has noticed this trend.
The VoiceOps mailing list (http://www.voiceops.org/) would probably
have more info for you on this. Although many people are on NANOG too
and may chime in.
On Fri, Feb 5, 2010 at 9:50 AM, Chris Hills <chaz@chaz6.com> wrote:
> If you register your phone numbers in e164.arpa it is pretty useless addi=
ng
> records for a sip server that requires authentication because hardly anyb=
ody
> is going to be able to reach you!
If the call is to Me, then I don't care about authentication. If the
call is to someone else, then I require authentication. That is
fairly easy to configure on every SIP platform that I have used.
-Jonathan
