> Hi, because of SIP design a UAC is responsible for setting its
> "Contact" field in the REGISTER. This can be used by malicious
> users to spoof the location of other UAS or gateways.
>
> There are "not very elegant" solutions for this issue but
> I'm thinking about forcing a convention:
>
> A SIP UAC with AoR "sip:[EMAIL PROTECTED]" SHOULD send a REGISTER with:
>   Contact: <sip:[EMAIL PROTECTED]>
> and the registrar server SHOULD reject any REGISTER with a
> "Contact" not respecting this convention for the registering AoR.
>
> I set "[EMAIL PROTECTED]" since
> "[EMAIL PROTECTED]"
> would not be secure in multidomain environments.

How would you cope with multi-port gateway devices that (say) wanted to register the same AoR for multiple ports, but use a single IP address for both, or when you have the case of multiple instances of the same AoR behind an SBC?

_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
