Discussion List for Freenum/ITAD Subscriber Number (ISN) Project

[John Covert <>]

If you firewall SIP from all but a few whitelisted addresses, then there
is no point at all to ISN dialing via an ITAD number which your employees
put on their business cards, is there?

And no point to ENUM at all.  Just give all the traffic to the carriers.
Forget the idea of open telephony.

No!  I won't give up, just because the script kiddies are out there
banging away.

Better to publish something in the ISN ENUM that prefixes all of your
numbers with a unique digit sequence that can be validated, and accept
anonymous SIP calls from all addresses, but only if they begin with the
published sequence.

And you can automate the addition of firewall rules for the addresses
running SIPvicious and other bots, as well as the pruning of addresses
that haven't been naughty for some time.

/john

On 9/4/2017 3:20 PM, James Cloos wrote:
> > > > > > <>
> > > > > >   writes:
> > Hi i'm intersting in use ITAD number, but i assume that for security issues
> > unviable, i looking for information and for examples in multiple vendors but
> > seems to be inexistent, i want to implement with clients in an asterisk
> > server, do you recomend to use it with all security recomendations or it is
> > better not use it?
> The best option is to put a sip proxy in front of the pbx, and have it reject
> unwanted sip, much like how MXs reject bogus mail.
>
> The sip proxy can forward INVITEs you want on to your asterisk.  The asterisk
> machine should firewall sip from all but a few whitelisted addresses.
>
> -JimC