[Serusers] account + IP binding

Francesco Bottà francesco.botta at eutelia.it
Wed Jul 28 14:30:06 CEST 2004


Hi all,

always about this... is it possible to do IP accounting with the acc module,
introducing something like another parameter of log_fmt for the Contact
(if applicable) Header Field in the INVITE and BYE methods?

Thanks in advance.

Franz
----- Original Message ----- 
From: "Bogdan-Andrei IANCU" <iancu at fokus.fraunhofer.de>
To: <zolia at z1sys.com>
Cc: <serusers at lists.iptel.org>
Sent: Wednesday, July 28, 2004 2:12 PM
Subject: Re: [Serusers] account + IP binding


> zolia at z1sys.com wrote:
>
> >hello,
> >
> >is it possible to do source IP authentication besides normal
> >www_authorize() for every user account? This, as I understand, should
> >prevent intercepting credentials and later faking a SIP message to
> >bypass www_authorization?
> >
> This doesn't work. For each authentication challenge, ser generates a
> nonce that is kept in memory for a short period of time. So, this kind
> of exploit is very limited - only if somebody tries to do it in real time
> and in a very narrow time window.
> IP checking doesn't help you - IPs can also be spoofed. Plus, against
> what address do you check when the user registers for the first time? Or if
> the user uses multiple clients at the same time?
> bogdan
>
> > Or maybe there are some other countermeasures
> >against such fraud?
> >
> >Does src_ip come directly from the IP layer? If so, I could probably use this
> >to check with some external database (i.e. ser subscriber)?
> >
> >Antanas
> >NTT
> >
> >_______________________________________________
> >Serusers mailing list
> >serusers at lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
> >
> >
> >
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
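
The nonce window described in the quoted reply, as an added example that is not part of the original thread and not SER's own code. It assumes RFC 2617 MD5 digest without qop; NonceStore, NONCE_TTL and the sample credentials are hypothetical names and constructed values.

```python
import hashlib, hmac, os

NONCE_TTL = 30.0  # seconds a challenge stays valid (assumed value)

def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    # RFC 2617 without qop: MD5(HA1:nonce:HA2)
    ha1 = md5hex(f"{user}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")

class NonceStore:
    """Server side: remembers issued nonces and when they were issued."""
    def __init__(self, ttl=NONCE_TTL):
        self.ttl = ttl
        self.issued = {}  # nonce -> issue time

    def challenge(self, now):
        nonce = os.urandom(16).hex()
        self.issued[nonce] = now
        return nonce

    def verify(self, c, password, now):
        issued_at = self.issued.get(c["nonce"])
        if issued_at is None:
            return "unknown-nonce"
        if now - issued_at > self.ttl:
            del self.issued[c["nonce"]]  # expired: force a fresh challenge
            return "stale-nonce"
        expected = digest_response(c["user"], c["realm"], password,
                                   c["method"], c["uri"], c["nonce"])
        return "ok" if hmac.compare_digest(expected, c["response"]) else "bad-response"

def demo():
    store = NonceStore()
    nonce = store.challenge(now=0.0)
    # Constructed credentials for a constructed account.
    c = {"user": "alice", "realm": "example.org", "method": "REGISTER",
         "uri": "sip:example.org", "nonce": nonce}
    c["response"] = digest_response("alice", "example.org", "secret",
                                    "REGISTER", "sip:example.org", nonce)
    other = dict(c, method="INVITE", uri="sip:bob@example.org")
    return {
        "legit": store.verify(c, "secret", now=1.0),
        "same_message_in_window": store.verify(c, "secret", now=10.0),
        "other_request_same_response": store.verify(other, "secret", now=10.0),
        "after_expiry": store.verify(c, "secret", now=31.0),
        "after_purge": store.verify(c, "secret", now=32.0),
    }
```

The response is bound to the method and URI as well as the nonce, so captured credentials only verify for the same request and only until the nonce expires.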



