From Header field Domain/IP address use by remote system

From Header field Domain/IP address use by remote system

Julien Chavanton
Hi, I have noticed that some SIP systems are using the "From:" header field domain/IP to authenticate or do some routing operation instead of the sending IP address.

If they authenticate only on the "From:" header field, I guess they could be vulnerable to spoofing.

Anyhow, I am wondering if we should replace the From header field IP address with the one of the SIP proxy even if this is not RFC recommended for a proxy?
 
 

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: From Header field Domain/IP address use by remote system

Bogdan-Andrei Iancu
Hi Julien,

Doing IP-based auth by the FROM domain is really insecure - only the IP
at network level may be trusted.
But if you want to change the FROM URI to reflect some IP address, use
uac_replace_from() from the UAC module - it will do it in an RFC-compliant way.

Regards,
Bogdan

Julien Chavanton wrote:

> Hi, I have noticed that some SIP systems are using the "From:" header
> field domain/IP to authenticate or do some routing operation instead
> of the sending IP address.
>
> If they authenticate only on the "From:" header field, I guess they
> could be vulnerable to spoofing.
>
> Anyhow, I am wondering if we should replace the From header field IP
> address with the one of the SIP proxy even if this is not RFC
> recommended for a proxy?


--
Bogdan-Andrei Iancu
www.voice-system.ro


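The point made in the reply above, as an added example that is not part of the original thread and is not OpenSIPS code: the accept decision is taken on the network-level source address only, and the From host is used solely to flag requests that claim a trusted peer while arriving from somewhere else. The peer table, addresses and SIP messages are constructed for illustration.

```python
import ipaddress
import re

# Constructed trust table: peer domain -> networks that peer really sends from.
TRUSTED_PEERS = {"carrier.example.net": [ipaddress.ip_network("198.51.100.0/28")]}

FROM_RE = re.compile(r"^(?:From|f)\s*:\s*(.*)$", re.I | re.M)
URI_HOST_RE = re.compile(r"sips?:(?:[^@>;\s]*@)?(\[[^\]]+\]|[^:;>\s]+)", re.I)

def from_host(sip_message):
    """Return the lowercased host part of the From URI, or None if absent."""
    header = FROM_RE.search(sip_message)
    uri = URI_HOST_RE.search(header.group(1)) if header else None
    return uri.group(1).strip("[]").lower() if uri else None

def in_peer_networks(ip):
    return any(ip in net for nets in TRUSTED_PEERS.values() for net in nets)

def claims_trusted_peer(host):
    """True if the From host names a trusted domain or an IP inside a peer network."""
    if host is None:
        return False
    if host in TRUSTED_PEERS:
        return True
    try:
        return in_peer_networks(ipaddress.ip_address(host))
    except ValueError:
        return False  # a domain we do not know

def classify(source_ip, sip_message):
    """Authorize on the transport source address; From never grants access."""
    if in_peer_networks(ipaddress.ip_address(source_ip)):
        return "accept"
    if claims_trusted_peer(from_host(sip_message)):
        return "reject-spoofed-from"  # From claims a peer, packet came from elsewhere
    return "reject-unknown"

# Constructed sample requests (header subset only).
INVITE_PEER_DOMAIN = ("INVITE sip:100@pbx.example.org SIP/2.0\r\n"
                      'From: "Alice" <sip:alice@carrier.example.net>;tag=1\r\n\r\n')
INVITE_PEER_IP = ("INVITE sip:100@pbx.example.org SIP/2.0\r\n"
                  "f: <sip:bob@198.51.100.9:5060>;tag=2\r\n\r\n")
INVITE_OTHER = ("INVITE sip:100@pbx.example.org SIP/2.0\r\n"
                "From: <sip:eve@other.example.org>;tag=3\r\n\r\n")

if __name__ == "__main__":
    for src, msg in [("198.51.100.5", INVITE_PEER_DOMAIN),
                     ("203.0.113.77", INVITE_PEER_DOMAIN),
                     ("203.0.113.77", INVITE_PEER_IP)]:
        print(src, from_host(msg), classify(src, msg))
```

A system that authorized on `from_host()` alone would accept the second and third requests, which is the spoofing exposure raised in the first message.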