[OpenSIPS-Users] Security: Record Route & Loose Routing.
Alan Frisch
frisch.alan at gmail.com
Mon May 30 22:28:16 CEST 2011
Now I can't say I have a complete understanding of OpenSIPS but was
always wondering about the following code I have seen in various
sample configs. Loose routing and to_tag's have always confused me...
so I am wondering about how secure this is:
Now take the following code:
    if (has_totag())
    {
        # sequential (in-dialog) request: follow its Route headers
        if (loose_route())
        {
            if (is_method("BYE"))
            {
                setflag(1); # do accounting ...
                setflag(3); # ... even if the transaction fails
            } else if (is_method("INVITE")) {
                record_route();
            }
            t_relay();
        } else {
            if (is_method("ACK"))
            {
                t_on_reply("1");
                t_relay();
            }
            sl_send_reply("404", "Not Found");
        }
        exit;
    } else {
        # initial request: pre-loaded Route headers are refused
        if(loose_route() && !is_method("ACK"))
        {
            sl_send_reply("403", "Initial Loose-Routing Rejected");
            exit;
        }
    }
Later on I have code that discards any URIs not to myself and
authenticates initial INVITE processing for sending out to an ITSP for
PSTN.
Let's say my ITSP (1.2.3.4) authenticates via my IP (5.6.7.8). If a
hacker knows I use ITSP 1.2.3.4 and were to craft an INVITE packet with
a fake TO TAG and pre-loaded Route headers, could they bypass the
authentication and commit toll fraud via this Loose Routing section?
If so, how can this be avoided... I've seen someone use a record_route
before this section but do not know if this would prevent it (if this
is even possible).
Any insight and information is appreciated.
AF.
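
Added example, not part of the original post and not OpenSIPS code: a Python model of the branch logic in the posted block, showing which requests reach t_relay() without passing the authenticated path, plus a stateful check that flags relayed requests matching no known dialog. It assumes loose_route() can be modelled as "a Route header is present"; the dialog set, the abbreviated sample requests and all function names are constructed for illustration.

```python
import re

def parse(raw):
    """Split a SIP request into its method and a lower-cased header multimap."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0].split()[0], headers

def tag(value):
    m = re.search(r";tag=([^;>\s]+)", value)
    return m.group(1) if m else None

def posted_script(method, h):
    """Branch the posted block takes. Assumption: loose_route() is modelled as
    'a Route header is present'; 'relay' means t_relay() with no auth check."""
    loose = "route" in h
    if tag(h["to"][0]):                       # has_totag()
        if loose or method == "ACK":
            return "relay"
        return "404"
    if loose and method != "ACK":
        return "403"
    return "initial"                          # continues to the authenticated path

def audit(raw, dialogs):
    """Flag relayed in-dialog requests that match no dialog the proxy set up."""
    method, h = parse(raw)
    verdict = posted_script(method, h)
    cid, ft, tt = h["call-id"][0], tag(h["from"][0]), tag(h["to"][0])
    if verdict == "relay" and not {(cid, ft, tt), (cid, tt, ft)} & dialogs:
        return "unmatched-relay"
    return verdict

# Constructed, abbreviated sample requests (not captured traffic).
DIALOGS = {("c1@pbx", "a1", "b1")}            # recorded after an authenticated INVITE
BYE = """BYE sip:bob@5.6.7.8 SIP/2.0
From: <sip:alice@5.6.7.8>;tag=a1
To: <sip:bob@5.6.7.8>;tag=b1
Call-ID: c1@pbx
Route: <sip:5.6.7.8;lr>"""
UNKNOWN = """INVITE sip:15550100@1.2.3.4 SIP/2.0
From: <sip:x@example.invalid>;tag=zz
To: <sip:15550100@1.2.3.4>;tag=made-up
Call-ID: c9@example.invalid
Route: <sip:5.6.7.8;lr>, <sip:1.2.3.4;lr>"""
```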