[OpenSIPS-Users] resending the ACK to itself

Iñaki Baz Castillo ibc at aliax.net
Mon Mar 7 10:53:38 CET 2011


2011/3/4 Danny Dias <ing.diasdanny at gmail.com>:
>> > Also, adding the IP of the GW to the domain table will produce the
>> > mentioned bucle on the first message of this
>> > thread...Am i doind sometrhing wrong?
>>
>> Sure. I don't think you need to add a IP to the "domain" table, not at
>> all (see my comment above). But anyhow, adding a IP to the "domain"
>> table doesn't produce a loop at all, so it must be an error in your
>> conf.
>>
>
> Yes it does...tested several times, moving the IP from the the domain table
> fix the problem...

Adding an IP to the "domain" table doesn't cause a loop. Not at all.
But of course, if you use the "domain" module function wrongly then
there could occur a loop, or any unexpected error.

In my previous mails I've tryed to explain that you are performing
authorization based on the From domain, which is highly vulnerable (so
you are using "domain" module for a wrong purpose). It seems that
removing the IP from the "domain" table fixes your problem and you
don't care this security hole. So I will paste again my previous
question and invite you to think again about it ;)

- Do you need authorization based on source IP or based on From domain?
  (note: Anyone in the world can spoof a request with *any* domain/IP)



-- 
Iñaki Baz Castillo
<ibc at aliax.net>



More information about the Users mailing list