On Tue, Apr 9, 2013 at 1:28 PM, Bogdan-Andrei Iancu <[email protected]>wrote:
> ** > Hello Nick, > > You can say that the IP level info may be trusted (as it is provided by IP > layer which is out of users control, so pretty safe). > > About the content of the SIP package, without authentication, nothing is > to be trusted. Doing digest authentication for SIP requests, you can trust > the username+realm of the caller (username in auth hdr which usually > matches the SIP FROM hdr). So that's the only information that you can say > for 100% it is sure. > > If you want to have more authenticated, take a look at SIP Identity > support (http://www.opensips.org/html/docs/modules/1.9.x/identity.html), > but you also need that support in the clients too. > > Regards, > > Bogdan-Andrei Iancu > OpenSIPS Founder and Developerhttp://www.opensips-solutions.com > > > On 04/09/2013 06:43 PM, Nick Khamis wrote: > > Hello Everyone, > > When performing certain security tasks using script and database > queries, we would like > to make sure that we are processing the more secure parts of the SIP > packet. As you know > fu, fd, tu, and td can be manually set by any user, as we do here in the > SIP proxy world: > > From: "Mike Peer" <sip:[email protected]>;tag=as15bc6a70. > To: <sip:[email protected]>. > Contact: <sip:[email protected]>. > > And therefore not the most secure place to look when performing security > critical tasks. > (i.e., who is attempting to make/place a call) > > Not sure what this part of the SIP packet is called: > > U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060 > > But it seems like a safe place to look since it looks like it's > generated on our side. If so, what OpenSIPS variables return > > Source: 10.147.23.144:5060 and Destination: 192.168.2.5:5060 > > Would src_ip and dst_ip be the best place to start? As for dst_ip it > will always be the address > of the interface that receives the traffic however, what about interfaces > that are behind a nat (i.e., public/private ips). > > Maybe the Via info is safer to process in cases where the caller/callee > is going through > a sexy little proxy like OpenSIPS? ;) > > Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport. > > Your Insights are greatly appreciated, > > Nick > > > _______________________________________________ > Users mailing > [email protected]http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > Hello Bogdan, I hope all is well, and thank you for your response :). We are interested in the IP level info. I am assuming that info is this stuff here: U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060 If so, what variables (avp...) do we have at our disposal for this info. Is it src_ip and dst_ip? Is there anything else? N.
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
