Nick,

Yes, it is true -> use $si and $sp to see the source IP and port (see http://www.opensips.org/Resources/DocsCoreVar19#toc80).

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com


On 04/09/2013 09:19 PM, Nick Khamis wrote:
On Tue, Apr 9, 2013 at 1:28 PM, Bogdan-Andrei Iancu <[email protected]> wrote:

    Hello Nick,

    You can say that the IP level info may be trusted (as it is
    provided by the IP layer, which is out of the user's control, so pretty safe).

    About the content of the SIP package, without authentication,
    nothing is to be trusted. Doing digest authentication for SIP
    requests, you can trust the username+realm of the caller (username
    in auth hdr which usually matches the SIP FROM hdr). So that's the
    only information that you can say for 100% it is sure.

    If you want to have more authenticated, take a look at SIP
    Identity support
    (http://www.opensips.org/html/docs/modules/1.9.x/identity.html),
    but you also need that support in the clients too.

    Regards,

    Bogdan-Andrei Iancu
    OpenSIPS Founder and Developer
    http://www.opensips-solutions.com


    On 04/09/2013 06:43 PM, Nick Khamis wrote:
    Hello Everyone,

    When performing certain security tasks using script and database
    queries, we would like to make sure that we are processing the more
    secure parts of the SIP packet. As you know, fu, fd, tu, and td can be
    manually set by any user, as we do here in the SIP proxy world:

    From: "Mike Peer" <sip:[email protected]>;tag=as15bc6a70.
    To: <sip:[email protected]>.
    Contact: <sip:[email protected]>.

    And therefore not the most secure place to look when performing
    security critical tasks (i.e., who is attempting to make/place a call).

    Not sure what this part of the SIP packet is called:

    U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060

    But it seems like a safe place to look since it looks like it's
    generated on our side. If so, what OpenSIPS variables return

    Source: 10.147.23.144:5060 and
    Destination: 192.168.2.5:5060

    Would src_ip and dst_ip be the best place to start? As for dst_ip,
    it will always be the address of the interface that receives the
    traffic; however, what about interfaces that are behind a NAT
    (i.e., public/private IPs)?

    Maybe the Via info is safer to process in cases where the
    caller/callee is going through a sexy little proxy like OpenSIPS? ;)

    Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport.

    Your Insights are greatly appreciated,

    Nick


    _______________________________________________
    Users mailing list
    [email protected]
    http://lists.opensips.org/cgi-bin/mailman/listinfo/users


Hello Bogdan,

I hope all is well, and thank you for your response :). We are interested in the IP level info. I am assuming that info is this stuff here:

U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060

If so, what variables (avp...) do we have at our disposal for this info? Is it src_ip and dst_ip? Is there anything else?

N.
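
An added example, not part of the original thread and not OpenSIPS code: a Python sketch that parses the capture line and Via header quoted above, bases an allow-list decision on the transport source only (the value `$si` exposes), and reports the From and Via contents as unverified claims. The `example.com` URIs, the function names and the allow-list networks are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample. The capture line and Via value are the ones quoted in
# the thread; the SIP URIs are example.com placeholders.
CAPTURE = (
    "U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060\n"
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport\r\n"
    'From: "Mike Peer" <sip:mike@example.com>;tag=as15bc6a70\r\n'
    "To: <sip:bob@example.com>\r\n"
    "Contact: <sip:mike@10.147.23.144:5060>\r\n"
    "\r\n"
)

LINE_RE = re.compile(r"^[UT] \S+ \S+ (\S+):(\d+) -> (\S+):(\d+)$")
VIA_RE = re.compile(r"^SIP/2\.0/\w+\s+([^;:\s]+)(?::(\d+))?")
URI_RE = re.compile(r"<(sips?:[^>]+)>")


def parse_capture(text):
    """Split a capture into the transport tuple and the SIP headers."""
    first, _, sip = text.partition("\n")
    m = LINE_RE.match(first.strip())
    if not m:
        raise ValueError("no transport line")
    headers = {}
    for line in sip.split("\r\n")[1:]:      # skip the request line
        if not line:
            break                            # blank line ends the headers
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())  # topmost wins
    return {"src": (m[1], int(m[2])), "dst": (m[3], int(m[4])), "headers": headers}


def trust_report(msg, allowed_nets):
    """Decide on the transport source only; header values are just claims."""
    src_ip = ipaddress.ip_address(msg["src"][0])   # the address $si exposes
    via = VIA_RE.match(msg["headers"].get("via", ""))
    from_uri = URI_RE.search(msg["headers"].get("from", ""))
    return {
        "allowed": any(src_ip in ipaddress.ip_network(n) for n in allowed_nets),
        "via_matches_source": bool(via) and via[1] == msg["src"][0],
        "claimed_from": from_uri[1] if from_uri else None,  # unauthenticated
    }
```

With the sample above, the Via sent-by address (10.147.23.144) differs from the transport source (69.147.236.82), so an allow-list keyed on the Via or From value would reach a different decision than one keyed on the source address.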
