Hi all

Over coffee we’ve been discussing the uniqueness and safety of call-id this morning. Lots of things like RTPEngine recording use call-id to generate filenames (yes it does escape them first :-). Not to mention dialog tracking (also uses from/to tags) etc.

Which got us thinking. As call-id is determined by the first SIP packet that normally comes from a UA, should we care if this UA was broken or, worse, malicious? What would happen if they were repeated? For example, we may struggle to determine a recording's owner in RTPEngine (file name format is callid+random.wav). For security, should we be rejecting requests where we’ve seen the call-id before?

All theoretical over coffee, as it was that or start working! Just wondering what people's thoughts were?

Cheers
Mark

_______________________________________________
Kamailio (SER) - Users Mailing List
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
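One way the "have we seen this call-id before?" check asked about above could be expressed, as an added example that is not part of the original message and is not Kamailio or RTPEngine code. The `CallIdTracker` class, the verdict names and the sample INVITEs are constructed; treating the same From-tag from the same source as a retransmission is an assumption.

```python
import re

def header(msg, name, compact):
    """First value of a SIP header given its long and compact names, or None."""
    m = re.search(rf"^(?:{re.escape(name)}|{compact})[ \t]*:(.*)$", msg, re.I | re.M)
    return m.group(1).strip() if m else None

def tag(value):
    """The ;tag= parameter of a From/To header value, or None."""
    m = re.search(r";[ \t]*tag=([^;\s>]+)", value or "", re.I)
    return m.group(1) if m else None

class CallIdTracker:
    """Hypothetical tracker: remembers who first used each Call-ID."""
    def __init__(self):
        self.seen = {}  # Call-ID -> (From-tag, source); expire entries in real use

    def classify(self, src, msg):
        call_id = header(msg, "Call-ID", "i")  # value is compared case-sensitively
        if call_id is None:
            return "malformed"
        if tag(header(msg, "To", "t")):
            return "in-dialog"  # has a To-tag: left to dialog matching, not this check
        owner = (tag(header(msg, "From", "f")), src)
        if call_id not in self.seen:
            self.seen[call_id] = owner
            return "new"
        # Assumption: same From-tag from the same source is a retransmission.
        return "retransmission" if self.seen[call_id] == owner else "reused"

def invite(call_id, from_tag, to_tag=None, cid_name="Call-ID"):
    """Build a constructed, minimal INVITE for the demo."""
    to = "<sip:100@example.test>" + (f";tag={to_tag}" if to_tag else "")
    return (f"INVITE sip:100@example.test SIP/2.0\r\n{cid_name}: {call_id}\r\n"
            f"From: <sip:alice@example.test>;tag={from_tag}\r\nTo: {to}\r\n"
            "CSeq: 1 INVITE\r\n\r\n")

SAMPLES = [  # constructed traffic: (source IP, message)
    ("192.0.2.10", invite("abc123@ua1", "a1")),
    ("192.0.2.10", invite("abc123@ua1", "a1")),
    ("198.51.100.7", invite("abc123@ua1", "zz9")),
    ("192.0.2.10", invite("abc123@ua1", "a1", to_tag="b2")),
    ("192.0.2.10", invite("def456@ua1", "a2", cid_name="i")),
]

def run(samples):
    tracker = CallIdTracker()
    return [tracker.classify(src, msg) for src, msg in samples]
```

Only the `reused` verdict (same call-id, different From-tag or source) is a candidate for rejection or logging; retransmissions and in-dialog requests legitimately repeat the call-id.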
