hello there,

i am trying to check some security issues with gnugk v2.2.b4.

[short version]

i try to avoid:

- registering from unauthorized clients
- registering with a wrong h323-id or wrong e164 number
- registering with more h323-ids or e164 numbers than allowed
- receiving setups with a calling party number other than the registered one

but it seems it's not so easy to do that, or it's not possible.

[long version]

first of all, i don't use mysql, ldap or radius - only gatekeeper.ini.

my idea is to raise security on the gatekeeper in a simple way. after studying the gnu gatekeeper v2.2 documentation, there are only 3 interesting sections in gatekeeper.ini:

    [Gatekeeper::Auth]
    SimplePasswordAuth=required;RRQ,LRQ
    AliasAuth=required;RRQ,LRQ,Setup
    default=allow

    [SimplePasswordAuth]
    name=lApY8ZP8kXc=

    [RasSrv::RRQAuth]
    49301234567=sigip:195.71.1.2:1720
    default=reject

but with this config it's only possible to check h323-id/password and the e164 number, but only with a static ip, and a client can register with more h323-ids than configured.

* is it not possible to use alias-auth with dynamic ips?
* is it possible to check all h323-ids and e164 numbers a client is sending?

i hope someone can help.

regards
thomas

--
thomas balsfulland tbals@xxxxxxxxx

between courage and stupidity lies only a narrow ridge,
distinguished by being prepared

_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/