What gives you that idea? Most likely, they spoofed an IP.
Paul Belanger paul.belanger@polybeacon.com wrote:
On Thu, Mar 7, 2013 at 5:24 PM, Alex Balashov abalashov@evaristesys.com wrote:
Because digest authentication is a far from self-evident or universal use-case for Kamailio.
Paul Belanger paul.belanger@polybeacon.com wrote:
Greetings,
Hopefully, I'm understanding the following default kamailio.cfg[1] file. Over the weekend, I was attacked by SipVicious. Following along with the example Daniel[2] created with Kamailio and Asterisk, I have almost the same setup. Rather than storing my SIP profiles in the Asterisk database, I have them in Kamailio.
To my point, the attacker was actually able to bypass any sort of authentication by simply sending an INVITE message:
./svmap.py -e 18885551234 kamailio.example.org -m INVITE
Which Kamailio forwarded to Asterisk, and because there is no additional auth within Asterisk, it was able to hit the Asterisk context for getting processed (they did not get out to the real world). However, my question is.... why do we not authenticate INVITE messages? If my understanding is correct, it would require something like the following:
    if (is_method("INVITE")) {
        if (!proxy_authorize("$fd", "subscriber")) {
            proxy_challenge("$fd", "0");
            exit;
        }
    }
If so, why not also do it in the default configuration file?
[1] http://git.sip-router.org/cgi-bin/gitweb.cgi?p=sip-router;a=blob_plain;f=etc...
[2] http://kb.asipto.com/asterisk:realtime:kamailio-3.3.x-asterisk-10.7.0-astdb
So that is what confuses me. Why do we authenticate only when the user requests it?
-- Paul Belanger | PolyBeacon, Inc. Jabber: paul.belanger@polybeacon.com | IRC: pabelanger (Freenode) Github: https://github.com/pabelanger | Twitter: https://twitter.com/pabelanger
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Sent from my Nexus 10, with all the figments of autocorrect that might imply.
Alex Balashov - Principal Evariste Systems LLC 235 E Ponce de Leon Ave Suite 106 Decatur, GA 30030 United States Tel: +1-678-954-0670 Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
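The routing block below is an added example, not code from the thread or from the default kamailio.cfg. It challenges every INVITE that does not arrive from a trusted peer, regardless of the From domain, and refuses to relay for callers that are neither local subscribers nor calling a local destination. It assumes the auth, auth_db, permissions and xlog modules are loaded, that accounts live in the "subscriber" table, and that the Asterisk box's address is stored in the permissions "address" table under group 1.

```kamailio
# Added example (not the thread's or the project's code). Assumes modules
# auth, auth_db, permissions and xlog are loaded, subscriber table "subscriber",
# and the Asterisk peer listed in the permissions address table, group 1.
route[AUTH] {
	# Requests from the trusted Asterisk peer are not challenged.
	if (allow_source_address("1")) {
		return;
	}

	# Challenge every dialog-initiating INVITE. Gating only on
	# from_uri==myself lets a request with a foreign From domain and a
	# local Request-URI through unauthenticated, which is how a scanner
	# reaches Asterisk without credentials.
	if (is_method("INVITE")) {
		if (!proxy_authorize("$fd", "subscriber")) {
			# Log the attempt so repeated unauthenticated INVITEs
			# from one source are visible to monitoring.
			xlog("L_WARN", "challenging $rm from $si: $fu -> $ru\n");
			proxy_challenge("$fd", "0");
			exit;
		}
		# Credentials verified: strip them before relaying to Asterisk.
		consume_credentials();
	}

	# Not a local subscriber and not a local destination: refuse to relay.
	if (from_uri != myself && uri != myself) {
		sl_send_reply("403", "Not relaying");
		exit;
	}
	return;
}
```

REGISTER is left to the default configuration's own www_authorize/www_challenge path, since proxy_authorize checks the Proxy-Authorization header and is not the right mechanism for registrations.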