Re: How common are wide open SIP gateways?

[Jonathan Thurman <jonathan () thurmantech com>]

On 05/02/2010 17:33, Drew Weaver wrote:
>        Has anyone done any research or have any anecdotal numbers related
> to how common it is to have a SIP gateway sitting out on the Internet with
> no ACL or authentication? Recently we have noticed a couple of instances
> where we get abuse complaints from companies who claim that one of our
> hosting clients 'stole SIP service' from them. This reminds me somewhat of
> the 'SMTP open relay' days. We obviously take action and shut the offending
> user down but I can't help but wonder how common this practice is. Usually I
> just ask the company why their system allows anyone to use their SIP gateway
> and they usually say something like "We can't predict what IP our users will
> come in from... etc"
>
> I am just wondering if anyone else has noticed this trend.

The VoiceOps mailing list (http://www.voiceops.org/) would probably
have more info for you on this.  Although many people are on NANOG too
and may chime in.



On Fri, Feb 5, 2010 at 9:50 AM, Chris Hills <chaz () chaz6 com> wrote:
> If you register your phone numbers in e164.arpa it is pretty useless adding
> records for a sip server that requires authentication because hardly anybody
> is going to be able to reach you!

If the call is to Me, then I don't care about authentication.  If the
call is to someone else, then I require authentication.  That is
fairly easy to configure on every SIP platform that I have used.

-Jonathan