<div dir="ltr"><div style>Hello Everyone,</div><div style><br></div><div style>When performing certain security tasks using script and database queries, we would like</div><div style>to make sure that we are processing the more secure parts of the SIP packet. As you know</div>
<div style>fu, fd, tu, and td can be manually set by any user, as we do here in the SIP proxy world:</div><div style><br></div><div style><div>From: "Mike Peer" <<a href="mailto:sip%3A5148390676@10.147.23.144">sip:5148390676@10.147.23.144</a>>;tag=as15bc6a70.</div>
<div>To: <<a href="mailto:sip%3A1000@sip.example.com">sip:1000@sip.example.com</a>>.</div><div>Contact: <<a href="mailto:sip%3A5148392007@10.147.23.144">sip:5148392007@10.147.23.144</a>>.</div><div><br></div><div style>
And therefore not the most secure place to look when performing security critical tasks.</div><div style>(i.e., who is attempting to make/place a call)</div><div style><br></div><div style>Not sure what this part of the SIP packet is called:</div>
<div style><br></div><div style>U 2013/04/09 11:27:33.449280 <a href="http://69.147.236.82:5060">69.147.236.82:5060</a> -> <a href="http://192.168.2.5:5060">192.168.2.5:5060</a><br></div><div style><br></div><div style>
But it seems like a safe place to look since it looks like it's generated on our side. If so, what OpenSIPS variables return </div><div style><br></div><div style>Source: <a href="http://10.147.23.144:5060">10.147.23.144:5060</a> and Destination: <a href="http://192.168.2.5:5060">192.168.2.5:5060</a></div>
<div style><br></div><div style>Would src_ip and dst_ip be the best place to start? As for dst_ip it will always be the address</div><div style>of the interface that receives the traffic however, what about interfaces that are behind a nat (i.e., public/private ips).</div>
<div style><br></div><div style>Maybe the Via info is safer to process in cases where the caller/callee is going through</div><div style>a sexy little proxy like OpenSIPS? ;)</div><div><br></div></div><div>Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport.<br>
</div><div><br></div><div style>Your Insights are greatly appreciated,</div><div style><br></div><div style>Nick</div></div>