[OpenSIPS-Users] registrant example

Bogdan-Andrei Iancu bogdan at opensips.org
Fri Sep 27 09:06:52 UTC 2024 

Authentication based on the content of the SIP message is weak, pron to 
easy attacks. Anyone can easily send you a call with "alice at 1.2.3.4" :P. 
Without a proper auth method (like digest or IP-auth), it totally 
unreliable.

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
   https://www.siphub.com

On 27.09.2024 11:52, Alexey wrote:
> Hi all,
>
> I would also like to mention the correlation between OpenSIPS configuration
> parameters and SIP headers in the SIP-registration process:
>
> according to the SIP protocol implementation, you are able to form the
> username in the Contact: header of your outgoing REGISTER-requests.
> In OpenSIPS you have to fill it in the 'binding_uri' column of the
> 'registrant' table [1].
>
> E.g. you want the remote server to send you INVITE with 'alice' in the
> username of the SIP Request's URI (rU [2] ), and your server's IP is 1.2.3.4,
> so you have to add 'sip:alice at 1.2.3.4' into this column.
>
> During outbound registration, your OpenSIPS will form the Contact: header
> in it's REGISTER request smth like:
>
>      Contact: <sip:alice at 1.2.3.4>;expires=3600
>
> So, after successful registration the remote server will send INVITEs to your
> OpenSIPS like:
>
>      INVITE sip:alice at 1.2.3.4:5060;user=phone SIP/2.0
>
> After that you can catch such rU using different techniques, starting
> from simple hard coding in the script:
>
>      if ( $rU == "alice" )
>          xlof(L_INFO, "[$ci] relaying to Asterisk PBX");
>          t_relay(, "192.168.88.11:5060");
>
> ... or in case if there are many incoming extensions, you may also use
> Dynamic Routing [3] module, to detect how to route inbound calls, according
> to prefix, filling the 'prefix' column of 'dr_rules' table [4] with
> the same username,
> you populate the Contact: header in outbound REGISTER-requests
> and respectively the same which will send the remote server in its INVITEs.
>
>
> [1] https://www.opensips.org/Documentation/Install-DBSchema-3-5#GEN-DB-REGISTRANT
> [2] https://www.opensips.org/Documentation/Script-CoreVar-3-5#toc77
> [3] https://opensips.org/docs/modules/3.5.x/drouting.html
> [4] https://www.opensips.org/Documentation/Install-DBSchema-3-5#GEN-DB-DR-RULES
>
>

More information about the Users mailing list