Hi Alex,
Thank you, I'm trying to use this config:

    if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si and $(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
        xlog("L_INFO","Spoofing attack detected from $si, blocking");
        exit;
    }

taken from here: https://www.kamailio.org/wiki/tutorials/security/kamailio-security
but it is not working because, as you said, the Record-Route can be different, like in my case:

    Record-Route: sip:192.168.1.1;lr;did=637.07c7c2d7

Temporarily, I solved it using this configuration:

    if($(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
        if ( search_hf("Record-Route", ";", "f") ) {
            # Record-Route carries parameters: keep only the IPv4 address before the first ';'
            $var(record_route) = $(hdr(Record-Route)[0]{nameaddr.uri}{re.subst,/^sip:([0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3});.*/\1/});
            if($var(record_route) != $si) {
                xlogl("L_ERR","Spoofing Attack detected, Blocking\n");
                exit;
            }
        } else {
            # No parameters: compare the URI as-is
            if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si) {
                xlogl("L_ERR","Spoofing Attack detected, Blocking\n");
                exit;
            }
        }
    };

but I'm not sure that this is the right configuration, and maybe it could be done better. How would you solve this problem? Thank you.
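
Added example, not part of the original message and not Kamailio configuration: a Python model of the comparison discussed above, which extracts the host of the first Record-Route URI (with or without parameters, port, user part or angle brackets) and compares it to the source address as a parsed IP rather than as a string. The function names and the sample header values other than the one quoted in the message are constructed, and treating a hostname as a mismatch is an assumption of this sketch.

```python
import ipaddress
import re

# First sip/sips URI in a Record-Route body; angle brackets and display name optional.
_URI_RE = re.compile(r'<?\s*(sips?):([^>,\s]+)>?', re.IGNORECASE)


def first_route_host(header_body):
    """Return the host part of the first URI in a Record-Route body, or None."""
    match = _URI_RE.search(header_body or "")
    if not match:
        return None
    rest = match.group(2)
    rest = rest.split(';', 1)[0].split('?', 1)[0]  # drop URI parameters and headers
    rest = rest.rsplit('@', 1)[-1]                 # drop the user part, if any
    if rest.startswith('['):                       # IPv6 reference, e.g. [2001:db8::1]:5060
        end = rest.find(']')
        return rest[1:end] if end > 0 else None
    return rest.split(':', 1)[0]                   # drop the port


def is_spoofed(header_body, source_ip):
    """True when the first Record-Route host does not equal the packet source IP.

    A missing or unparseable Record-Route is not flagged, matching the
    '!= $null' guard in the configuration above.
    """
    host = first_route_host(header_body)
    if host is None:
        return False
    try:
        # Compare parsed addresses so textual variants of one IP are equal.
        return ipaddress.ip_address(host) != ipaddress.ip_address(source_ip)
    except ValueError:
        # Assumption: a hostname can never equal a source address, so flag it.
        return True


if __name__ == "__main__":
    samples = [  # constructed, except the first value, which is quoted in the message
        ("sip:192.168.1.1;lr;did=637.07c7c2d7", "192.168.1.1"),
        ("<sip:192.168.1.1:5060;lr>", "192.168.1.1"),
        ("<sip:10.0.0.9;lr>", "192.168.1.1"),
        ("<sip:[2001:db8::1]:5060;lr>", "2001:db8:0:0:0:0:0:1"),
    ]
    for body, src in samples:
        print(f"{body!r} from {src}: spoofed={is_spoofed(body, src)}")
```
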