[OpenSIPS-Users] Addressing Increased Security

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Apr 10 10:48:57 CEST 2013


Nick,

Yes, it is true -> use $si and $sp to see the source IP and port (see
http://www.opensips.org/Resources/DocsCoreVar19#toc80).

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com


On 04/09/2013 09:19 PM, Nick Khamis wrote:
> On Tue, Apr 9, 2013 at 1:28 PM, Bogdan-Andrei Iancu
> <bogdan at opensips.org> wrote:
>
>     Hello Nick,
>
>     You can say that the IP level info may be trusted (as it is
>     provided by IP layer which is out of the user's control, so pretty safe).
>
>     About the content of the SIP package, without authentication,
>     nothing is to be trusted. Doing digest authentication for SIP
>     requests, you can trust the username+realm of the caller (username
>     in auth hdr which usually matches the SIP FROM hdr). So that's the
>     only information that you can say for 100% it is sure.
>
>     If you want to have more authenticated, take a look at SIP
>     Identity support
>     (http://www.opensips.org/html/docs/modules/1.9.x/identity.html),
>     but you also need that support in the clients too.
>
>     Regards,
>
>     Bogdan-Andrei Iancu
>     OpenSIPS Founder and Developer
>     http://www.opensips-solutions.com
>
>
>     On 04/09/2013 06:43 PM, Nick Khamis wrote:
>>     Hello Everyone,
>>
>>     When performing certain security tasks using script and database
>>     queries, we would like
>>     to make sure that we are processing the more secure parts of the
>>     SIP packet. As you know
>>     fu, fd, tu, and td can be manually set by any user, as we do here
>>     in the SIP proxy world:
>>
>>     From: "Mike Peer" <sip:5148390676@10.147.23.144>;tag=as15bc6a70.
>>     To: <sip:1000@sip.example.com>.
>>     Contact: <sip:5148392007@10.147.23.144>.
>>
>>     And therefore not the most secure place to look when performing
>>     security critical tasks.
>>     (i.e., who is attempting to make/place a call)
>>
>>     Not sure what this part of the SIP packet is called:
>>
>>     U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060
>>
>>     But it seems like a safe place to look since it looks like it's
>>     generated on our side. If so, what OpenSIPS variables return
>>
>>     Source: 10.147.23.144:5060 and
>>     Destination: 192.168.2.5:5060
>>
>>     Would src_ip and dst_ip be the best place to start? As for dst_ip,
>>     it will always be the address
>>     of the interface that receives the traffic; however, what about
>>     interfaces that are behind a NAT (i.e., public/private IPs)?
>>
>>     Maybe the Via info is safer to process in cases where the
>>     caller/callee is going through
>>     a sexy little proxy like OpenSIPS? ;)
>>
>>     Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport.
>>
>>     Your Insights are greatly appreciated,
>>
>>     Nick
>>
>>
>
>
> Hello Bogdan,
>
> I hope all is well, and thank you for your response :). We are 
> interested in the IP level info. I am assuming that info is this stuff 
> here:
>
> U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060
>
> If so, what variables (avp...) do we have at our disposal for this
> info? Is it src_ip and dst_ip? Is there anything else?
>
> N.
>
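
The distinction drawn in this thread, as an added Python example (not part of the original messages and not OpenSIPS code): it separates what the receiving host observed at the IP layer, which OpenSIPS exposes as $si and $sp, from the hosts the sender wrote into Via, From, To and Contact. The function names are hypothetical, and the sample is constructed from the lines quoted above with "@" restored in the URIs and an assumed request line added.

```python
import re

# Constructed sample: the transport line and headers quoted in the thread, with
# "@" restored in the URIs and a request line added so it parses as one message.
CAPTURE = """\
U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060
INVITE sip:1000@sip.example.com SIP/2.0
Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport
From: "Mike Peer" <sip:5148390676@10.147.23.144>;tag=as15bc6a70
To: <sip:1000@sip.example.com>
Contact: <sip:5148392007@10.147.23.144>
"""

TRANSPORT_RE = re.compile(
    r"^[UT] \S+ \S+ (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$")
URI_HOST_RE = re.compile(r"sips?:(?:[^@>;\s]+@)?([^:;>\s]+)")
VIA_RE = re.compile(r"SIP/2\.0/\w+\s+([^:;\s]+)")


def split_trust(capture):
    """Return (observed, claimed): network-layer facts vs. sender-written hosts."""
    lines = capture.strip().splitlines()
    m = TRANSPORT_RE.match(lines[0])
    if not m:
        raise ValueError("first line is not a transport summary")
    # What the receiving stack saw; OpenSIPS exposes the source as $si and $sp.
    observed = {"src_ip": m.group(1), "src_port": int(m.group(2)),
                "dst_ip": m.group(3), "dst_port": int(m.group(4))}
    claimed = {}
    for line in lines[2:]:  # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "via" and "via" not in claimed:  # topmost Via only
            hit = VIA_RE.search(value)
        elif name in ("from", "to", "contact"):
            hit = URI_HOST_RE.search(value)
        else:
            continue
        if hit:
            claimed[name] = hit.group(1)
    return observed, claimed


def mismatches(observed, claimed):
    """Sender-identifying headers whose host differs from the packet source."""
    return sorted(h for h in ("via", "from", "contact")
                  if claimed.get(h) not in (None, observed["src_ip"]))


if __name__ == "__main__":
    seen, said = split_trust(CAPTURE)
    print(seen, said, mismatches(seen, said))
```

On this sample the Via, From and Contact hosts all read 10.147.23.144 while the packet arrived from 69.147.236.82:5060, so only the observed source reflects what reached the proxy.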