Configure Identical Registration Intervals
Scenarios in which the device doesn't forward user registrations to a server (e.g., a PBX) and the device receives a new SIP REGISTER request from the same number (i.e., same AOR) but without an Authentication header, the device still sends a SIP 200 OK response to the user. This is because the AOR already exists in the device's registration database. Therefore, if an illegitimate user attempts to connect with a legitimate IP address and phone number (without authentication), the malicious user can connect and steal calls.
To overcome this issue and prevent stealing of calls, make sure that you configure the user and proxy registration times with identical values.
| ➢ | To configure identical registration intervals for user and proxy: |
| 1. | Open the SBC General Settings page (Setup menu > Signaling & Media tab > SIP Definitions folder > Proxy & Registration). |
| 2. | In the 'User Registration Time' field, configure the duration of the periodic registrations between the user and the device. |
| 3. | In the 'Proxy Registration Time' field, configure the time interval (in seconds) that the device must register to the server (e.g., PBX). |
Configuring User Registration Times
