[Serusers] account + IP binding

Bogdan-Andrei IANCU iancu at fokus.fraunhofer.de
Wed Jul 28 14:40:30 CEST 2004


Francesco Bottà wrote:

>Hi all,
>
>always about this... is it possible to do IP accounting with the acc module,
>introducing something like another parameter of log_fmt for the Contact
>(if applicable) Header Field in the INVITE, BYE methods?
>  
>
I see no immediate purpose of logging contact? or...?
bogdan

>Thanks in advance.
>
>Franz
>----- Original Message ----- 
>From: "Bogdan-Andrei IANCU" <iancu at fokus.fraunhofer.de>
>To: <zolia at z1sys.com>
>Cc: <serusers at lists.iptel.org>
>Sent: Wednesday, July 28, 2004 2:12 PM
>Subject: Re: [Serusers] account + IP binding
>
>
>  
>
>>zolia at z1sys.com wrote:
>>
>>    
>>
>>>hello,
>>>
>>>is it possible to do source IP authentication besides normal
>>>www_authorize() for every user account? This, as I understand, should
>>>prevent someone from intercepting credentials and later faking a SIP
>>>message to bypass www_authorization?
>>>
>>this doesn't work. for each authentication challenge, ser generates a
>>nonce that is kept in memory for a short period of time. So, this kind
>>of exploit is very limited - only if somebody tries in real time to do it
>>and in a very narrow time window.
>>IP checking doesn't help you - IPs can also be spoofed. Plus, against
>>what address do you check when the user registers for the first time? or if
>>the user uses multiple clients at the same time?
>>bogdan
>>
>>
>>>Or maybe there are some other countermeasures
>>>against such fraud?
>>>
>>>Does src_ip come directly from the IP layer? If so, I could probably use this
>>>to check with some external database (ie. ser subscriber)?
>>>
>>>Antanas
>>>NTT
>>>
>>>_______________________________________________
>>>Serusers mailing list
>>>serusers at lists.iptel.org
>>>http://lists.iptel.org/mailman/listinfo/serusers
>
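
Added example, not part of the original thread and not SER's own code: a minimal Python model of the short-lived, server-remembered nonce described in the quoted reply, using the RFC 2617 digest formula without qop. The TTL value, the `Challenger` class and the credentials are assumptions constructed for illustration.

```python
import hashlib
import secrets

NONCE_TTL = 30  # seconds; assumed value, not SER's actual setting

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class Challenger:
    """Toy server side: issues nonces and remembers them for NONCE_TTL seconds."""

    def __init__(self, realm, passwords):
        self.realm = realm
        self.passwords = passwords  # user -> password (constructed data)
        self.nonces = {}            # nonce -> expiry timestamp

    def challenge(self, now):
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = now + NONCE_TTL
        return nonce

    def verify(self, user, method, uri, nonce, response, now):
        expiry = self.nonces.get(nonce)
        if expiry is None or now > expiry:
            self.nonces.pop(nonce, None)
            return False  # unknown or stale nonce: the client must be re-challenged
        password = self.passwords.get(user)
        if password is None:
            return False
        expected = digest_response(user, self.realm, password, method, uri, nonce)
        return secrets.compare_digest(expected, response)

def demo():
    srv = Challenger("example.org", {"alice": "s3cret"})
    nonce = srv.challenge(now=1000)
    uri = "sip:bob@example.org"
    resp = digest_response("alice", "example.org", "s3cret", "INVITE", uri, nonce)
    return {
        # same response presented inside the nonce lifetime is accepted
        "fresh": srv.verify("alice", "INVITE", uri, nonce, resp, now=1005),
        # the response is bound to method and URI, so another URI fails
        "other_uri": srv.verify("alice", "INVITE", "sip:carol@example.org", nonce, resp, now=1006),
        # once the nonce has expired the captured response is useless
        "after_ttl": srv.verify("alice", "INVITE", uri, nonce, resp, now=1031),
    }
```

A shorter `NONCE_TTL` narrows the window in which a captured response is still accepted, at the cost of more re-challenges for legitimate clients.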



