1. Brekeke Product Name and version:
2.4.6.7
2. Java version:
1.5.0_12
3. OS type and the version:
Windows 2003
4. UA (phone), gateway or other hardware/software involved:
5. Select your network pattern from http://www.brekeke-sip.com/bbs/network/ ... terns.html :
number 9
6. Your problem:
Our OnDO SIP server has REGISTER and INVITE authentication enabled and uses RadiusCat to manage user accounts.
REGISTER=ON
INVITE=ON
Auth-user=user in "To:" (Register) YES
Auth-user=user in "From:" YES
The calls go to VoIP Gateway.
Problems
1. A hacker could REGISTER an invalid user without it being registered in the database of RadiusCat v1.5.5, all this after an intensive flood attack.
2. A hacker could send calls using that invalid user.
This is the dial plan:
----------------------
Matching
$request=^INVITE
To=sip:([0-9]+)@
Deploy:
$session=com.sample.radius.proxy.RadiusAcct
$continue=true
-----------------------
Matching:
$request=^INVITE
To=sip:(519.{8})@
Deploy:
To=sip:%1@200.37.81.71
&net.sip.timeout.inviting=20000
Note: The public IP was changed intentionally.
Questions
1. How to set up the OnDO SIP server to be more trusted or more secure?
2. Which dial plan setting allows only registered users to make calls?
Ondo Sip has security problem
Have you set the authentication parameters in the sv.properties file as in http://www.brekeke.com/support/radiusca ... iuscat.php ?
If you remove the RADIUS setting and use the default authentication in Brekeke, does it work?
1. How to set up the OnDO SIP server to be more trusted or more secure?
At sip server/configuration/system, there is "Address Filtering".
You can define allowed or blocked IP addresses.
2. Which dial plan setting allows only registered users to make calls?
Add the following to the dial plan matching pattern.
It will check whether the sender is registered.
$registeredsender = true
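The dial plan from the question with the suggested condition applied, as an added example that is not part of the original posts. Placing the condition in both rules (so that neither RADIUS accounting nor gateway routing runs for an unregistered sender) is an assumption; every other line is copied from the question, including the intentionally altered gateway address.

```text
----------------------
Matching:
$request=^INVITE
$registeredsender = true
To=sip:([0-9]+)@
Deploy:
$session=com.sample.radius.proxy.RadiusAcct
$continue=true
-----------------------
Matching:
$request=^INVITE
$registeredsender = true
To=sip:(519.{8})@
Deploy:
To=sip:%1@200.37.81.71
&net.sip.timeout.inviting=20000
```

With this in place, an INVITE whose sender has no current registration matches neither rule, so it is not handed to the RadiusAcct session or rewritten toward the gateway by this dial plan.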