You're right, most phones have both options also. However I'm not sure how the "same server" is applied for a phone behind NAT. Would the phone actually know where the call came from? I've never tried it. Alex, it does work fine with Asterisk, at least on a small scale test. But the fear of changing something so drastic on thousands of phones lead me to asking about it here. On Wed, Aug 8, 2018 at 10:48 AM David Knell <david.knell at telng.com> wrote:

Been there, had that :-) Auth works; you might also find an option to only accept calls from the server to which the phone's registered.

--Dave

On Wed, Aug 8, 2018 at 8:43 PM, Carlos Alvarez <caalvarez at gmail.com> wrote:

...

Do most of you have the phones authenticate incoming calls? We haven't been, but occasionally find a router that has unfiltered full cone NAT (Cisco) or that puts one phone on 5060 with no filtering by IP. The result is that the phone will start ringing at random as script kiddies hit the IP and port 5060 trying to find servers to exploit. I don't see a downside to changing to auth, but not having done it outside of a few tests of a small number of phones, I figured I would ask.

_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops

--

David Knell, Director, TelNG T: +44 1223 797979 / +1 970-315-4721 W: http://www.telng.com H: http://www.daveknell.com