Hi Julien, doing IP based auth by the FROM domain is really insecure - only the IP at network level may be trusted. But if you want to change the FROM URI to reflect some IP address, use uac_replace_from() from UAC module - it will do it in RFC complaint way.
Regards, Bogdan Julien Chavanton wrote: > Hi, I have noticed that some SIP system are using the "From:" header > field domain/IP to authenticate or do some routing operation instead > of the sending IP address. > > If they authenticate only on the "From:" header field, I guess they > could be vulnarable to spoofing. > > Anyhow, I am wandering if we should replace the From header field IP > address with the one of the SIP proxy even if this is not RFC > recommended for a proxy ? > > > ------------------------------------------------------------------------ > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- Bogdan-Andrei Iancu www.voice-system.ro _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
