<div dir="ltr"><div>On Tue, Apr 9, 2013 at 1:28 PM, Bogdan-Andrei Iancu <span dir="ltr"><<a href="mailto:bogdan@opensips.org" target="_blank">bogdan@opensips.org</a>></span> wrote:<br></div><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><u></u>
<div bgcolor="#ffffff" text="#000000">
<tt>Hello Nick,<br>
<br>
You can say that the IP level info may be trusted (as it is
provided by the IP layer, which is out of the user's control, so pretty
safe).<br>
<br>
About the content of the SIP package, without authentication,
nothing is to be trusted. Doing digest authentication for SIP
requests, you can trust the username+realm of the caller (username
in auth hdr which usually matches the SIP FROM hdr). So that's the
only information that you can say is 100% sure.<br>
<br>
If you want to have more information authenticated, take a look at SIP
Identity support
(<a href="http://www.opensips.org/html/docs/modules/1.9.x/identity.html" target="_blank">http://www.opensips.org/html/docs/modules/1.9.x/identity.html</a>),
but you also need that support in the clients too.<br>
<br>
Regards,<br>
</tt>
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.com</a></pre><div><div class="h5">
<br>
On 04/09/2013 06:43 PM, Nick Khamis wrote:
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>Hello Everyone,</div>
<div><br>
</div>
<div>When performing certain security tasks using
script and database queries, we would like</div>
<div>to make sure that we are processing the more
secure parts of the SIP packet. As you know</div>
<div>fu, fd, tu, and td can be manually set by any
user, as we do here in the SIP proxy world:</div>
<div><br>
</div>
<div>
<div>From: "Mike Peer" <<a href="mailto:sip%3A5148390676@10.147.23.144" target="_blank">sip:5148390676@10.147.23.144</a>>;tag=as15bc6a70.</div>
<div>To: <<a href="mailto:sip%3A1000@sip.example.com" target="_blank">sip:1000@sip.example.com</a>>.</div>
<div>Contact: <<a href="mailto:sip%3A5148392007@10.147.23.144" target="_blank">sip:5148392007@10.147.23.144</a>>.</div>
<div><br>
</div>
<div>
And therefore not the most secure place to look when
performing security critical tasks.</div>
<div>(i.e., who is attempting to make/place a call)</div>
<div><br>
</div>
<div>Not sure what this part of the SIP packet is
called:</div>
<div><br>
</div>
<div>U 2013/04/09 11:27:33.449280 <a href="http://69.147.236.82:5060" target="_blank">69.147.236.82:5060</a>
-> <a href="http://192.168.2.5:5060" target="_blank">192.168.2.5:5060</a><br>
</div>
<div><br>
</div>
<div>
But it seems like a safe place to look since it looks like
it's generated on our side. If so, what OpenSIPS variables
return </div>
<div><br>
</div>
<div>Source: <a href="http://10.147.23.144:5060" target="_blank">10.147.23.144:5060</a>
and Destination: <a href="http://192.168.2.5:5060" target="_blank">192.168.2.5:5060</a></div>
<div><br>
</div>
<div>Would src_ip and dst_ip be the best place to
start? As for dst_ip, it will always be the address</div>
<div>of the interface that receives the traffic;
however, what about interfaces that are behind a NAT (i.e.,
public/private IPs)?</div>
<div><br>
</div>
<div>Maybe the Via info is safer to process in cases
where the caller/callee is going through</div>
<div>a sexy little proxy like OpenSIPS? ;)</div>
<div><br>
</div>
</div>
<div>Via:
SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport.<br>
</div>
<div><br>
</div>
<div>Your insights are greatly appreciated,</div>
<div><br>
</div>
<div>Nick</div>
</div>
</div></div><pre><fieldset></fieldset>
_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
</div>
</blockquote></div><br></div><div class="gmail_extra">Hello Bogdan,<br></div><div class="gmail_extra"><br></div><div class="gmail_extra">I hope all is well, and thank you for your response :). We are interested in the <span style="font-family:monospace">IP level info. I am assuming that info is this stuff here:</span><br>
</div><div class="gmail_extra"><span style="color:rgb(80,0,80)"><br></span></div><div class="gmail_extra"><span style="color:rgb(80,0,80)">U 2013/04/09 11:27:33.449280 </span><a href="http://69.147.236.82:5060/" target="_blank">69.147.236.82:5060</a><span style="color:rgb(80,0,80)"> </span><span style="color:rgb(80,0,80)">-></span><span style="color:rgb(80,0,80)"> </span><a href="http://192.168.2.5:5060/" target="_blank">192.168.2.5:5060</a></div>
<div class="gmail_extra"><br></div><div class="gmail_extra" style>If so, what variables (avp...) do we have at our disposal for this info? Is it src_ip and dst_ip? Is there anything else?</div><div class="gmail_extra" style>
<br></div><div class="gmail_extra" style>N.</div><div class="gmail_extra"><span style="font-family:monospace"><br></span></div></div>
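<div>The distinction discussed in this thread, as an added example that is not part of the original messages or OpenSIPS code: it separates the addresses observed at the IP layer from the values the sender wrote into the headers, and stamps the Via with <tt>received</tt>/<tt>rport</tt> as RFC 3261 section 18.2.1 and RFC 3581 describe. The request line and all function names are assumptions made for the example; the capture line and headers are the ones quoted above.</div>

```python
import re

# Constructed input: capture line and headers as quoted in the thread; the
# request line is invented so the text parses as a SIP request.
CAPTURE = "U 2013/04/09 11:27:33.449280 69.147.236.82:5060 -> 192.168.2.5:5060"
MESSAGE = (
    "INVITE sip:1000@sip.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport\r\n"
    'From: "Mike Peer" <sip:5148390676@10.147.23.144>;tag=as15bc6a70\r\n'
    "To: <sip:1000@sip.example.com>\r\n"
    "Contact: <sip:5148392007@10.147.23.144>\r\n\r\n"
)

def parse_capture(line):
    """Return ((src_ip, src_port), (dst_ip, dst_port)) seen at the IP layer."""
    m = re.search(r"(\d+(?:\.\d+){3}):(\d+) -> (\d+(?:\.\d+){3}):(\d+)", line)
    if not m:
        raise ValueError("no address pair in capture line")
    return (m.group(1), int(m.group(2))), (m.group(3), int(m.group(4)))

def parse_headers(message):
    """Map lower-cased header names to values; stop at the blank line."""
    headers = {}
    for line in message.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return headers

def uri_user_host(value):
    """Extract (user, host) from the SIP URI inside a header value."""
    m = re.search(r"sips?:([^@>;]+)@([^>;:]+)", value)
    return (m.group(1), m.group(2)) if m else (None, None)

def assess(capture, message):
    """Split a received request into observed facts and sender claims."""
    src, dst = parse_capture(capture)
    h = parse_headers(message)
    sent_by = h["via"].split()[1].split(";")[0]  # host:port the sender wrote
    # Record the real source on the Via: fill the empty rport, add received.
    stamped = re.sub(r";rport(?=;|$)", f";rport={src[1]}", h["via"])
    return {
        "network": {"src": src, "dst": dst},  # not writable by the sender
        "claimed": {"from": uri_user_host(h["from"]),
                    "contact": uri_user_host(h["contact"]),
                    "via_sent_by": sent_by},  # all sender-supplied text
        "via_matches_source": sent_by.rsplit(":", 1)[0] == src[0],
        "via_stamped": f"{stamped};received={src[0]}",
    }
```

<div>On the thread's data the Via sent-by (10.147.23.144) does not match the observed source (69.147.236.82), so only the <tt>network</tt> values reflect where the packet actually came from.</div>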