<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<tt>Hello Nick,<br>
<br>
      You can say that the IP-level info may be trusted (as it is
      provided by the IP layer, which is out of the user's control, so pretty
      safe).<br>
<br>
      About the content of the SIP packet, without authentication,
      nothing is to be trusted. Doing digest authentication for SIP
      requests, you can trust the username+realm of the caller (username
      in auth hdr which usually matches the SIP FROM hdr). So that's the
      only information that you can say is 100% sure.<br>
<br>
      If you want more to be authenticated, take a look at SIP
      Identity support
(<a class="moz-txt-link-freetext" href="http://www.opensips.org/html/docs/modules/1.9.x/identity.html">http://www.opensips.org/html/docs/modules/1.9.x/identity.html</a>),
but you also need that support in the clients too.<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<br>
On 04/09/2013 06:43 PM, Nick Khamis wrote:
<blockquote
cite="mid:CAGWRaZYa9-Mvh=hHjNyLT9FphZ4YL0FA61GzC_71MGce_rz5Wg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style="">Hello Everyone,</div>
<div style=""><br>
</div>
<div style="">When performing certain security tasks using
script and database queries, we would like</div>
<div style="">to make sure that we are processing the more
secure parts of the SIP packet. As you know</div>
<div style="">fu, fd, tu, and td can be manually set by any
user, as we do here in the SIP proxy world:</div>
<div style=""><br>
</div>
<div style="">
          <div>From: "Mike Peer" &lt;sip:5148390676@10.147.23.144&gt;;tag=as15bc6a70.</div>
          <div>To: &lt;sip:1000@sip.example.com&gt;.</div>
          <div>Contact: &lt;sip:5148392007@10.147.23.144&gt;.</div>
<div><br>
</div>
<div style="">
            And therefore not the most secure place to look when
            performing security-critical tasks.</div>
<div style="">(i.e., who is attempting to make/place a call)</div>
<div style=""><br>
</div>
<div style="">Not sure what this part of the SIP packet is
called:</div>
<div style=""><br>
</div>
          <div style="">U 2013/04/09 11:27:33.449280 69.147.236.82:5060
            -&gt; 192.168.2.5:5060<br>
          </div>
<div style=""><br>
</div>
<div style="">
But it seems like a safe place to look since it looks like
it's generated on our side. If so, what OpenSIPS variables
return </div>
<div style=""><br>
</div>
          <div style="">Source: 10.147.23.144:5060
            and Destination: 192.168.2.5:5060</div>
<div style=""><br>
</div>
          <div style="">Would src_ip and dst_ip be the best place to
            start? As for dst_ip, it will always be the address</div>
          <div style="">of the interface that receives the traffic;
            however, what about interfaces that are behind a NAT (i.e.,
            public/private IPs)?</div>
<div style=""><br>
</div>
<div style="">Maybe the Via info is safer to process in cases
where the caller/callee is going through</div>
<div style="">a sexy little proxy like OpenSIPS? ;)</div>
<div><br>
</div>
</div>
<div>Via:
SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport.<br>
</div>
<div><br>
</div>
        <div style="">Your insights are greatly appreciated,</div>
<div style=""><br>
</div>
<div style="">Nick</div>
</div>
</blockquote>
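    <br>
    <tt>The trust rule from the reply above, as an added Python example
      (not part of the original thread and not OpenSIPS code): the source IP
      comes from the transport layer, and a username+realm is returned only
      when the RFC 2617 digest response verifies and the From user equals the
      authenticated username. The credential store, the single issued nonce
      and the sample request are constructed assumptions; qop is not handled.</tt>
    <pre>
```python
import hashlib
import hmac
import re

def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def parse_sip(raw):
    """Return (method, {lowercased header name: value}) for one SIP request."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split()[0], headers

def digest_params(value):
    """Parse 'Digest k="v", ...' into a dict (empty if the header is absent)."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', value)}

def trusted_identity(raw, src_ip, ha1_db, nonce_issued):
    """Return (src_ip, user, realm); user/realm stay None unless digest verifies."""
    method, hdrs = parse_sip(raw)
    auth = digest_params(hdrs.get("proxy-authorization", ""))
    user, realm = auth.get("username"), auth.get("realm")
    ha1 = ha1_db.get((user, realm))  # stored MD5(user:realm:password)
    if ha1 is None or auth.get("nonce") != nonce_issued:
        return src_ip, None, None
    ha2 = md5hex(f"{method}:{auth.get('uri', '')}")
    expected = md5hex(f"{ha1}:{nonce_issued}:{ha2}")  # RFC 2617 without qop
    if not hmac.compare_digest(expected, auth.get("response", "")):
        return src_ip, None, None
    claimed = re.search(r"sips?:([^@;]+)@", hdrs.get("from", ""))
    if claimed is None or claimed.group(1) != user:
        return src_ip, None, None  # valid credentials, but From names someone else
    return src_ip, user, realm

def sample_invite(from_user, auth_user, password, realm="sip.example.com", nonce="n0nce"):
    """Constructed sample request (not captured traffic)."""
    uri = f"sip:1000@{realm}"
    ha1 = md5hex(f"{auth_user}:{realm}:{password}")
    resp = md5hex(f"{ha1}:{nonce}:{md5hex('INVITE:' + uri)}")
    return (f"INVITE {uri} SIP/2.0\n"
            f"Via: SIP/2.0/UDP 10.147.23.144:5060;branch=z9hG4bK5027614e;rport\n"
            f"From: sip:{from_user}@10.147.23.144;tag=as15bc6a70\n"
            f'Proxy-Authorization: Digest username="{auth_user}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", response="{resp}"\n')

DB = {("5148390676", "sip.example.com"): md5hex("5148390676:sip.example.com:s3cret")}  # constructed
print(trusted_identity(sample_invite("5148392007", "5148390676", "s3cret"), "69.147.236.82", DB, "n0nce"))
```
</pre>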
</body>
</html>