I don't think this is the problem you think it is. Let's say endpoint A spoofs a To-tag and a Call-ID. So what? The reinvite goes to endpoint B, which says "I don't recognise that"."
Spoofing both would be quite difficult.
Nevertheless, if this improbable worry consumes you, you can use dialog module tracking and this function:
https://kamailio.org/docs/modules/5.7.x/modules/dialog.html#dialog.f.is_know...
— Sent from mobile, apologies for brevity and errors.
On Sep 19, 2023, at 4:52 AM, Benoit Panizzon benoit.panizzon@imp.ch wrote:
Hi List
At the moment, we challenge every invite (and re-invite) to make sure the customer is authenticated.
Now we have one kind of PBX, which never does not authenticate when we challenge a Re-Invite.
According to the vendor of that PBX's RFC interpretation, answering a challenge to a re-invite is optional. If that is ignored by the PBX, then the existing established dialog shall not end.
Unfortunately this causes the session timer to run out.
I am therefore wondering, if there is a safe way not to challenge re-invites.
A Re-Invite contains a To-Tag. So I could bypass authentication on presence of a to-Tag. But then, how do I prevent a customer to just set a spoofed To-Tag to circumvent authentication?
Is there a feasible way?
Mit freundlichen Grüssen
-Benoît Panizzon-
I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: