Hi,
Thank you for your fast reply.
I am checking with our customer what/if it is necessary.
They already have a work-around as the ITSP stopped sending SIP OPTIONS.
But for my understanding, is answering SIP OPTIONS a requirement if you follow the RFC?
To do SIP hardening on CPE's in the past we have used the following requirement:
I.e. if register.example.com resolves to 192.0.2.1 and 192.0.2.1 and proxy.example.com resolves to 192.0.2.3 and 192.0.2.4, only if a request comes from any one of these four IP's it may answer.
The only requirement on the ITSP side would be that the do not use other IP's. But some ITSP's do fail this requirement. So it is not a catch-all.
Best regards,
Alcindo