opensips - hiding interconnection information

opensips - hiding interconnection information

Julien Chavanton
Hi, I have a business usage security concern.
 
If we take this scenario :
 
carrierA --SIP--> carrierB --SIP--> carrierC
 
CarrierB may not want carrierC to find out about carrierA (IP address)
 
I believe "record-routing" and "via header" can provide unwanted information,
any suggestion/options on how we can deal with such requirements using a SIP proxy as openSIPS ?
 
Regards,
Julien

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: opensips - hiding interconnection information

DanB-2
Hi Julien,

For such scenarios you would need a B2BUA (I personally use B2bua.org but Yate, Freeswitch, Asterisk can do it too).
One more concern with carrier traffic would be the SDP body, which can reveal information about the originator too.

Cheers,
DanB

On Wed, Jul 1, 2009 at 7:08 AM, Julien Chavanton <[hidden email]> wrote:
> Hi, I have a business usage security concern.
>
> If we take this scenario :
>
> carrierA --SIP--> carrierB --SIP--> carrierC
>
> CarrierB may not want carrierC to find out about carrierA (IP address)
>
> I believe "record-routing" and "via header" can provide unwanted information,
> any suggestion/options on how we can deal with such requirements using a SIP proxy as openSIPS ?
>
> Regards,
> Julien


Re: opensips - hiding interconnection information

Bogdan-Andrei Iancu
In reply to this post by Julien Chavanton
Hi Julien,

soon, a new module for topology hiding will be available in OpenSIPS
1.6.....probably this is what you are looking for..

Regards,
Bogdan


Re: opensips - hiding interconnection information

Brett Nemeroff
Bogdan,
How will it work?
-Brett


On Wed, Jul 1, 2009 at 4:54 AM, Bogdan-Andrei Iancu <[hidden email]> wrote:
> Hi Julien,
>
> soon, a new module for topology hiding will be available in OpenSIPS
> 1.6.....probably this is what you are looking for..
>
> Regards,
> Bogdan


Re: opensips - hiding interconnection information

Iñaki Baz Castillo
2009/7/1 Brett Nemeroff <[hidden email]>:
> Bogdan,
> How will it work?

Just a B2BUA can do it. So the only solution is OpenSIPS behaving as B2BUA.


--
Iñaki Baz Castillo
<[hidden email]>


Re: opensips - hiding interconnection information

Bogdan-Andrei Iancu
Hi Iñaki,

not exactly - for hiding the network information it is enough to hide some
headers (like RR, VIA, Contact).

Regards,
Bogdan


Re: opensips - hiding interconnection information

Bogdan-Andrei Iancu
In reply to this post by Brett Nemeroff
Hi Brett,

it will be based on the dialog module and it will locally store in the
dialog the headers containing network information. When going in the other
direction, the module will put back the hdrs.

Regards,
Bogdan


Re: opensips - hiding interconnection information

Brett Nemeroff
In reply to this post by Julien Chavanton
Will you be able to give it a list of custom headers to absorb? :)

-Brett
------Original Message------
From: Bogdan-Andrei Iancu
To: Brett Nemeroff
Cc: Julien Chavanton
Cc: [hidden email]
Sent: Jul 1, 2009 8:10 AM
Subject: Re: [OpenSIPS-Users] opensips - hiding interconnection information

Hi Brett,

it will be based on the dialog module and it will locally store in the
dialog the headers containing network information. When going in the other
direction, the module will put back the hdrs.

Regards,
Bogdan


Re: opensips - hiding interconnection information

Bogdan-Andrei Iancu
maybe not in a first phase :)....first it will take care of the default
SIP headers

Regards,
Bogdan


Re: opensips - hiding interconnection information

Victor Gamov
In reply to this post by Bogdan-Andrei Iancu
On 01.07.2009 17:07, Bogdan-Andrei Iancu wrote:
> Hi Iñaki,
>
> not exactly - for hiding the network information it is enough to hide some
> headers (like RR, VIA, Contact).

Call-Id has IP info too.

Pure B2BUA may be a really nice module.

Thanks!

--
CU,
Victor Gamov
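
Added example, not part of the original thread: a small Python audit that takes a SIP message as it would leave carrierB and reports where IPv4 addresses from a protected upstream range still appear in the places named in the thread so far (Via, Record-Route, Contact, Call-ID, and the SDP o=/c= lines). The sample INVITE, the address ranges and the function name find_leaks are constructed for illustration; only IPv4 literals are checked, not host names.

```python
import ipaddress
import re

# RFC 3261 compact forms for the headers named in the thread.
COMPACT = {"v": "via", "m": "contact", "i": "call-id"}
WATCHED = {"via", "record-route", "contact", "call-id"}
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample: INVITE as carrierB (198.51.100.10) would relay it to
# carrierC without topology hiding; carrierA is assumed to use 192.0.2.0/24.
SAMPLE = "\r\n".join([
    "INVITE sip:+15550100@203.0.113.20 SIP/2.0",
    "Via: SIP/2.0/UDP 198.51.100.10;branch=z9hG4bKb1",
    "v: SIP/2.0/UDP 192.0.2.5:5060;branch=z9hG4bKa1",
    "Record-Route: <sip:198.51.100.10;lr>",
    "Record-Route: <sip:192.0.2.5;lr>",
    "Contact: <sip:gw@192.0.2.5:5060>",
    "Call-ID: 8f3c1a@192.0.2.5",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0", "o=- 1 1 IN IP4 192.0.2.77", "s=-",
    "c=IN IP4 192.0.2.77", "t=0 0", "m=audio 40000 RTP/AVP 0", "",
])

def find_leaks(message, protected_nets):
    """Return sorted (location, address) pairs for IPv4 literals in protected_nets."""
    nets = [ipaddress.ip_network(n) for n in protected_nets]
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    head = re.sub(r"\n[ \t]+", " ", head)        # unfold continuation lines
    leaks = set()

    def scan(location, text):
        for token in IPV4.findall(text):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:                   # e.g. 999.1.1.1 is not an address
                continue
            if any(addr in net for net in nets):
                leaks.add((location, token))

    for line in head.split("\n")[1:]:            # skip the request/status line
        name, sep, value = line.partition(":")
        name = COMPACT.get(name.strip().lower(), name.strip().lower())
        if sep and name in WATCHED:
            scan(name, value)
    for line in body.split("\n"):                # SDP origin and connection lines
        if line[:2] in ("o=", "c="):
            scan("sdp " + line[:2], line[2:])
    return sorted(leaks)
```

Running find_leaks(SAMPLE, ["192.0.2.0/24"]) on a capture taken on the carrierC-facing side gives a quick regression check for whichever hiding mechanism is deployed: an empty list means none of the watched fields still carries an upstream address.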


Re: opensips - hiding interconnection information

Bogdan-Andrei Iancu
Hi Victor,

Victor Gamov wrote:

> On 01.07.2009 17:07, Bogdan-Andrei Iancu wrote:
>> Hi Iñaki,
>>
>> not exactly - for hiding the network information it is enough to hide some
>> headers (like RR, VIA, Contact).
>
> Call-Id has IP info too.

it may - there is no standard way of generating the call-ids and not all
UA do so.
But indeed, it is true.

> Pure B2BUA may be a really nice module.

There is already finished a full signalling b2bua module. It will be
uploaded soon on SVN.

Regards,
Bogdan


Re: opensips - hiding interconnection information

Iñaki Baz Castillo
On Thursday, 2 July 2009, Bogdan-Andrei Iancu wrote:
> > Pure B2BUA may be a really nice module.
>
> There is already finished a full signalling b2bua module. It will be
> uploaded soon on SVN.

Hi Bogdan, I really wonder how this b2bua module will behave when having
parallel forking with PRACK requests (so CSeq is just incremented in some
early-dialogs).
I assume that b2bua module will depend, as many others, on dialog module,
which doesn't handle the above case.

--
Iñaki Baz Castillo <[hidden email]>


Re: opensips - hiding interconnection information

Bogdan-Andrei Iancu
Hi Inaki,

Iñaki Baz Castillo wrote:

> On Thursday, 2 July 2009, Bogdan-Andrei Iancu wrote:
>>> Pure B2BUA may be a really nice module.
>>
>> There is already finished a full signalling b2bua module. It will be
>> uploaded soon on SVN.
>
> Hi Bogdan, I really wonder how this b2bua module will behave when having
> parallel forking with PRACK requests (so CSeq is just incremented in some
> early-dialogs).

In a first stage, maybe not all the cases will be covered - there are too
many scenarios to deal with :)

> I assume that b2bua module will depend, as many others, on dialog module,
> which doesn't handle the above case.

it is not based on dialog module ...it is directly based on TM and
internally implements the behaviours of an UAC and UAS.

Regards,
Bogdan



Re: opensips - hiding interconnection information

Iñaki Baz Castillo
On Friday, 3 July 2009, Bogdan-Andrei Iancu wrote:

> > I assume that b2bua module will depend, as many others, on dialog module,
> > which doesn't handle the above case.
>
> it is not based on dialog module ...it is directly based on TM and
> internally implements the behaviours of an UAC and UAS.

that sounds better :)


--
Iñaki Baz Castillo <[hidden email]>
