[OpenSIPS-Users] Addressing Increased Security

Nick Khamis symack at gmail.com
Tue Apr 9 17:43:19 CEST 2013


Hello Everyone,

When performing certain security tasks using script and database queries,
we would like
to make sure that we are processing the more secure parts of the SIP
packet. As you know
fu, fd, tu, and td can be manually set by any user, as we do here in the
SIP proxy world:

From: "Mike Peer" <sip:5148390676 at 10.147.23.144>;tag=as15bc6a70.
To: <sip:1000 at sip.example.com>.
Contact: <sip:5148392007 at 10.147.23.144>.

And therefore not the most secure place to look when performing security
critical tasks.
(i.e., who is attempting to make/place a call)

Not sure what this part of the SIP packet is called:

U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060

But it seems like a safe place to look since it looks like it's generated
on our side. If so, what OpenSIPS variables return

Source: 10.147.23.144:5060 and Destination: 192.168.2.5:5060

Would src_ip and dst_ip be the best place to start? As for dst_ip it will
always be the address
of the interface that receives the traffic however, what about interfaces
that are behind a nat (i.e., public/private ips).

Maybe the Via info is safer to process in cases where the caller/callee is
going through
a sexy little proxy like OpenSIPS? ;)

Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport.

Your Insights are greatly appreciated,

Nick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20130409/23bad81e/attachment.htm>


More information about the Users mailing list