[OpenSIPS-Users] Addressing Increased Security

Nick Khamis symack at gmail.com
Tue Apr 9 20:19:22 CEST 2013


On Tue, Apr 9, 2013 at 1:28 PM, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:

> Hello Nick,
>
> You can say that the IP level info may be trusted (as it is provided by IP
> layer which is out of the user's control, so pretty safe).
>
> About the content of the SIP package, without authentication, nothing is
> to be trusted. Doing digest authentication for SIP requests, you can trust
> the username+realm of the caller (username in auth hdr which usually
> matches the SIP FROM hdr). So that's the only information that you can say
> for 100% it is sure.
>
> If you want to have more authenticated, take a look at SIP Identity
> support (http://www.opensips.org/html/docs/modules/1.9.x/identity.html),
> but you also need that support in the clients too.
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
>
> On 04/09/2013 06:43 PM, Nick Khamis wrote:
>
>  Hello Everyone,
>
>  When performing certain security tasks using script and database
> queries, we would like
> to make sure that we are processing the more secure parts of the SIP
> packet. As you know
> fu, fd, tu, and td can be manually set by any user, as we do here in the
> SIP proxy world:
>
>  From: "Mike Peer" <sip:5148390676 at 10.147.23.144>;tag=as15bc6a70.
> To: <sip:1000 at sip.example.com>.
> Contact: <sip:5148392007 at 10.147.23.144>.
>
>  And therefore not the most secure place to look when performing security
> critical tasks.
> (i.e., who is attempting to make/place a call)
>
>  Not sure what this part of the SIP packet is called:
>
>  U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060
>
>  But it seems like a safe place to look since it looks like it's
> generated on our side. If so, what OpenSIPS variables return
>
>  Source: 10.147.23.144:5060 and Destination: 192.168.2.5:5060
>
>  Would src_ip and dst_ip be the best place to start? As for dst_ip, it
> will always be the address
> of the interface that receives the traffic; however, what about interfaces
> that are behind a NAT (i.e., public/private IPs)?
>
>  Maybe the Via info is safer to process in cases where the caller/callee
> is going through
> a sexy little proxy like OpenSIPS? ;)
>
>  Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport.
>
>  Your insights are greatly appreciated,
>
>  Nick
>
>
Hello Bogdan,

I hope all is well, and thank you for your response :). We are interested
in the IP level info. I am assuming that info is this stuff here:

U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060

If so, what variables (avp...) do we have at our disposal for this info? Is
it src_ip and dst_ip? Is there anything else?

N.
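
The distinction discussed in this thread, as an added example that is not part of the original posts: the capture line and headers quoted above are compared to show that Via, From and Contact carry whatever the sender wrote, while the source address comes from the IP layer. The function names are hypothetical, and the sample input is constructed from the thread with the archive's " at " restored to "@".

```python
import re

# Constructed sample: the ngrep capture line and SIP headers quoted in the
# thread (archive obfuscation " at " restored to "@", trailing dots dropped).
CAPTURE_LINE = "U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060"
SIP_HEADERS = """\
Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport
From: "Mike Peer" <sip:5148390676@10.147.23.144>;tag=as15bc6a70
To: <sip:1000@sip.example.com>
Contact: <sip:5148392007@10.147.23.144>
"""
SENDER_HEADERS = ("Via", "From", "Contact")  # headers describing the sender

def parse_capture(line):
    """Return ((src_ip, src_port), (dst_ip, dst_port)) from an ngrep packet line."""
    m = re.search(r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)", line)
    if not m:
        raise ValueError("not an ngrep packet line")
    return (m.group(1), int(m.group(2))), (m.group(3), int(m.group(4)))

def header_hosts(headers):
    """Map header name -> host the sender wrote into it (unauthenticated)."""
    hosts = {}
    for raw in headers.splitlines():
        name, _, value = raw.partition(":")
        name = name.strip()
        if name == "Via":
            m = re.match(r"\s*SIP/2\.0/\w+\s+([^;:\s]+)", value)
        elif name in ("From", "To", "Contact"):
            m = re.search(r"sips?:(?:[^@>;]+@)?([^>;:\s]+)", value)
        else:
            m = None
        if m:
            hosts[name] = m.group(1)
    return hosts

def mismatches(capture_line, headers):
    """Sender headers whose claimed host differs from the IP-layer source."""
    (src_ip, _), _ = parse_capture(capture_line)
    claims = header_hosts(headers)
    return {h: claims[h] for h in SENDER_HEADERS if h in claims and claims[h] != src_ip}

if __name__ == "__main__":
    print("transport:", parse_capture(CAPTURE_LINE))
    print("header claims not matching source:", mismatches(CAPTURE_LINE, SIP_HEADERS))
```

On the thread's own sample, all three sender headers claim 10.147.23.144 while the packet arrived from 69.147.236.82, which is the NAT case raised in the question.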