I added this information in the wiki: http://www.kamailio.org/dokuwiki/doku.php/features:new-in-1.5.x
Cheers, Daniel On 01/16/2009 11:04 AM, Klaus Darilion wrote: > > > Luciano Afranllie schrieb: >> What should I do to get 1.5? Is there a 1.5 branch or should I get >> trunk? > > Trunk. 1.5 branch will be created when 1.5 will be released (somewhere > in February) > > klaus > >> >> Thanks >> Luciano >> >> On Thu, Jan 15, 2009 at 12:21 PM, Daniel-Constantin Mierla >> <mico...@gmail.com> wrote: >>> Hello, >>> >>> thanks Klaus and Victor for details. >>> >>> With kamailio 1.5 this can be solved in another way, pretty easy -- >>> allow users to call only from registered devices. >>> >>> Check here the example 2: >>> http://openser.blogspot.com/2008/10/registrar-enhancements.html >>> >>> The condition can be extended so that you match the received(source >>> ip)/contact in invite with the contact in location record. >>> >>> So guys, start testing 1.5, it does have lot of cool new features: >>> http://www.kamailio.org/dokuwiki/doku.php/features:new-in-1.5.x >>> >>> Cheers, >>> Daniel >>> >>> On 01/15/2009 12:00 PM, Klaus Darilion wrote: >>>> Hi! >>>> >>>> For those who are interested in this attack - I have attached the >>>> relevant slides from my SIP security lectures. >>>> >>>> regards >>>> Klaus >>>> >>>> PS: an exploit based on sipp scenario files is available too on >>>> request (for educational purposes :-) >>>> >>>> >>>> >>>> Klaus Darilion schrieb: >>>>> IIRC to solve this issue completely the UAC should never send >>>>> credentials to unknown parties - only to its SIP proxy (some clients >>>>> have a "force outbound proxy" feature which does the same). Then the >>>>> SIP proxy can remove credentials before forwarding to other parties. >>>>> >>>>> As soon as a client send messages (with credentials) directly to >>>>> other parties there is nothing you can do on the proxy side. >>>>> >>>>> regards >>>>> klaus >>>>> >>>>> Victor Pascual Ávila schrieb: >>>>>> Hi, >>>>>> excuse me if this message is not directly related to Kamailio. >>>>>> >>>>>> I'm just wondering if folks could share with me if (and how) they >>>>>> have >>>>>> prevented the "SIP Digest Access Authentication RELAY" in their >>>>>> networks (and what worked for them or not). >>>>>> NAT boxes reduce dramatically the scenarios for a successful attack. >>>>>> Otherwise, some might be mitigating the attack by means of >>>>>> forcing UAs >>>>>> to use outbound proxies while others might be reducing the attack >>>>>> incentives by means of message integrity. >>>>>> >>>>>> Any comment would be appreciated, >>>>> _______________________________________________ >>>>> Kamailio (OpenSER) - Users mailing list >>>>> Users@lists.kamailio.org >>>>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users >>>>> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users >>>> ------------------------------------------------------------------------ >>>> >>>> >>>> _______________________________________________ >>>> Kamailio (OpenSER) - Users mailing list >>>> Users@lists.kamailio.org >>>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users >>>> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users >>> -- >>> Daniel-Constantin Mierla >>> http://www.asipto.com >>> >>> >>> _______________________________________________ >>> Kamailio (OpenSER) - Users mailing list >>> Users@lists.kamailio.org >>> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users >>> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users -- Daniel-Constantin Mierla http://www.asipto.com _______________________________________________ Kamailio (OpenSER) - Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
