Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-14 Thread Duane
On Mon, March 14, 2005 17:06, Andres said: You might want to try the steps provided above yourself Peter. Because even if we have a context that leads to never never land at the top of sip.conf, I am still able to make free calls. A sip debug clearly Welcome to the wonderful world of

Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-14 Thread Tom Samplonius
On Tue, 15 Mar 2005 02:03:54 +1100 (EST), Duane [EMAIL PROTECTED] wrote: On Mon, March 14, 2005 17:06, Andres said: You might want to try the steps provided above yourself Peter. Because even if we have a context that leads to never never land at the top of sip.conf, I am still able to

Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-13 Thread Andres
Deti Fliegl wrote: Hi there, all that started by investigating what happens if SIP clients are calling anonymously. The problem: Every client who is registered as a regular user with username and secret can fake any callerid in subsequent INVITEs. Asterisk does not apply an accountcode or

Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-13 Thread Peter Bowyer
On Mon, 14 Mar 2005 00:27:12 -0500, Andres [EMAIL PROTECTED] wrote: Deti Fliegl wrote: Hi there, all that started by investigating what happens if SIP clients are calling anonymously. The problem: Every client who is registered as a regular user with username and secret can fake

Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-13 Thread Andres
Peter Bowyer wrote: On Mon, 14 Mar 2005 00:27:12 -0500, Andres [EMAIL PROTECTED] wrote: Deti Fliegl wrote: Hi there, all that started by investigating what happens if SIP clients are calling anonymously. The problem: Every client who is registered as a regular user with username and

Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-12 Thread Tom Samplonius
On Fri, 11 Mar 2005 14:41:37 -0500, C F [EMAIL PROTECTED] wrote: Welcome to SIP, this is how SIP works, that's why ppl use IAX. It is a combination of chan_sip and the particular sip.conf actually. Sane SIP servers will challenge all INVITEs, and apply user identification from the user

[Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-11 Thread Deti Fliegl
Hi there, all that started by investigating what happens if SIP clients are calling anonymously. The problem: Every client who is registered as a regular user with username and secret can fake any callerid in subsequent INVITEs. Asterisk does not apply an accountcode or callerid from sip.conf.

Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-11 Thread Eric Wieling
Deti Fliegl wrote: Hi there, all that started by investigating what happens if SIP clients are calling anonymously. The problem: Every client who is registered as a regular user with username and secret can fake any callerid in subsequent INVITEs. Asterisk does not apply an accountcode or

Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-11 Thread C F
Welcome to SIP, this is how SIP works, that's why ppl use IAX. On Fri, 11 Mar 2005 19:06:20 +0100, Deti Fliegl [EMAIL PROTECTED] wrote: Hi there, all that started by investigating what happens if SIP clients are calling anonymously. The problem: Every client who is registered as a regular

[Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-11 Thread Edwin Groothuis
On Fri, Mar 11, 2005 at 01:13:25PM -0600, [EMAIL PROTECTED] wrote: all that started by investigating what happens if SIP clients are calling anonymously. The problem: Every client who is registered as a regular user with username and secret can fake any callerid in subsequent INVITEs.

Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-11 Thread Deti Fliegl
C F wrote: Welcome to SIP, this is how SIP works, that's why ppl use IAX. Welcome to SIP for dummies: You have to distinguish between SIP callerid and authentication. First a callerid is used to call another party or to identify yourself to another party. Such a callerid is sent via a

Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-11 Thread Deti Fliegl
This is a preliminary fix for the exploit identified in my last postings. By far it would be better to fix the find_user call to look for both, the From-header and a username in the Proxy-Authorization-header. We even should set an environment variable (which can be used for dialplans) to

Re: [Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

2005-03-11 Thread Kevin P. Fleming
Deti Fliegl wrote: This is a preliminary fix for the exploit identified in my last postings. By far it would be better to fix the find_user call to look for both, the From-header and a username in the Proxy-Authorization-header. We even should set an environment variable (which can be used for