[OpenSER-Users] Security hole in REGISTER's Contact using domain
Iñaki Baz Castillo
ibc at in.ilimit.es
Fri Dec 14 11:35:36 CET 2007
On Friday 14 December 2007 11:21:09 Neill Wilkinson wrote:
> Curve ball suggestion:
>
> Surely just authenticate all register requests with www-challenge. Hide
> your gateway and SER behind a firewall so your Gateway cannot be seen from
> the outside world (from a SIP Signalling perspective), and for PSTN calls
> from authenticated users do a rewritehost and forward to send the INVITEs
> on to the PSTN gateway?
Sorry, but that is not enough, that is the reason I opened this thread.
Of course I do all you say there, but the problem exists if a user sends a
malicious REGISTER indicating in the "Contact" a domain pointing to the gw IP
with a username as PSTN number.
Later, if another user calls the previous one, the proxy will do a "lookup" and get
this RURI:
sip:PSTN_number@gw_domain
The proxy then will send there the INVITE (to its gateway). Of course, no
www-challenge auth is done from proxy to gw, so gw will accept this call (it
comes from proxy IP !!!).
Solutions for this have been given by Juha in previous replies.
Regards.
--
Iñaki Baz Castillo
ibc at in.ilimit.es
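
The condition described in this message, checked at REGISTER time (an added example, not part of the original post and not OpenSER code): every Contact URI host is resolved and the registration is flagged if it lands on an address of the PSTN gateway. The gateway address, the host names and the offline DNS table are constructed values, and only plain address lookups are done, not the NAPTR/SRV steps a SIP proxy would also follow.

```python
import ipaddress
import re
import socket

# Assumption: address(es) of the PSTN gateway that trusts the proxy's IP (constructed).
GATEWAY_IPS = {ipaddress.ip_address("192.0.2.10")}

# Host part of a sip:/sips: URI; optional user part, bracketed IPv6, port ignored.
_URI_RE = re.compile(r"sips?:(?:[^@;>,\s]+@)?(\[[0-9A-Fa-f:.]+\]|[^:;>,\s?]+)", re.I)

def contact_hosts(contact_header):
    """Return the host of every SIP URI found in a Contact header value."""
    return [h.strip("[]").lower() for h in _URI_RE.findall(contact_header)]

def resolve(host):
    """Resolve a host to a set of IP addresses; an IP literal maps to itself."""
    try:
        return {ipaddress.ip_address(host)}
    except ValueError:
        return {ipaddress.ip_address(i[4][0]) for i in socket.getaddrinfo(host, None)}

def contact_targets_gateway(contact_header, resolver=resolve, gateways=GATEWAY_IPS):
    """True if any Contact host resolves to a gateway address or cannot be resolved."""
    for host in contact_hosts(contact_header):
        try:
            if resolver(host) & set(gateways):
                return True
        except OSError:
            return True  # fail closed: an unresolvable Contact is not stored
    return False

# Constructed DNS data so the example runs offline.
FAKE_DNS = {"gw-alias.example.net": {"192.0.2.10"}, "phone.example.org": {"198.51.100.7"}}

def fake_resolver(host):
    """Stand-in for resolve() that answers only from FAKE_DNS."""
    try:
        return {ipaddress.ip_address(host)}
    except ValueError:
        if host not in FAKE_DNS:
            raise OSError("no such host")
        return {ipaddress.ip_address(a) for a in FAKE_DNS[host]}

if __name__ == "__main__":
    for c in ("<sip:0034911234567@gw-alias.example.net:5060>;expires=3600",
              "<sip:alice@phone.example.org>"):
        print(c, "->", "reject" if contact_targets_gateway(c, fake_resolver) else "accept")
```

Because a DNS record can change after the REGISTER is accepted, the same test would also have to run on the RURI that "lookup" returns before the INVITE is relayed.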