Hi Alex,
Thank You, i'm trying to use this config:
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si and
$(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
xlog("L_INFO","Spoofing attack detected from $si, blocking");
exit;
} taken from here:
https://www.kamailio.org/wiki/tutorials/security/kamailio-security
but, it is not working because as you said the record-route - can be different,
like in my case: Record-Route: <sip:192.168.1.1;lr;did=637.07c7c2d7>
Temporarily, i solved using this configuration:
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
if ( search_hf("Record-Route", ";", "f") ) {
$var(record_route) =
$(hdr(Record-Route)[0]{nameaddr.uri}{re.subst,/^sip:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3});.*/\1/});
if($var(record_route)) != $si {
xlogl("L_ERR","Spoofing Attack detected, Blocking\n");
exit;
}
} else {
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si) {
xlogl("L_ERR","Spoofing Attack detected, Blocking\n");
exit;
}
}
}; but, i'm not sure that this is right configuration - and maybe it could be
done better. How would you solve this problem?
Thank You.
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
