[Serusers] Loose routing question
Klaus Darilion
klaus.mailinglists at pernau.at
Tue May 3 09:14:30 CEST 2005
Yes, this is indeed a great problem. It is not easy to authenticate
loose_route processed messages. e.g. the following example:
a at a.com calls b at b.com. b forwards the request to c at c.com. Now, proxy c
should check if messages are allowed to be loose_routed. But the To: and
From: headers only include the domains a and b, never c. This,
authenticating the calls is not possible.
For all loose_routed reuqest, I check if there is a to-tag present. If
yes -> relay the request. Faked to-tag will be detected by the gateway
and should be rejected: cisco does :-), AFAIK asterisk does not :-(
If there is not tog-tag, I will reject the request.
This solution is fine aslong as you are not using asterisk as gateway.
regards,
klaus
Michael Ulitskiy wrote:
> Hello,
>
> I'm trying to comprehend loose routing concept and I have
> a question that concerns me.
> As far as I understand loose routing says that if there're Route
> headers in a message it should be forwarded according to the URIs
> set in Route headers.
> I thought that this is true only within a dialog, but RFC3261 (part 16.6) says:
> "Requests establishing a dialog may contain a preloaded Route header field."
> Also SER manual says: " the failure not to include loose routing in your scripts
> may lead to infinite loops. Make sure that you include the following script
> fragment immediately after request sanity checks" and provide the following
> piece of code:
> if (loose_route()) {
> t_relay();
> break;
> };
>
> which as far as I understand unconditionally forwards message if Route header
> is present.
> So I'm wondering what about security? If I follow this guidelines how I would
> shield my PSTN gateway if anyone can construct message and
> pre-load it with URI of my gateway and all my proxies must honor it.
> For example I have a PSTN gateway on ip address 10.1.1.5 and proxy
> on 10.1.1.10 that supposed to interface outside world.
> So I guess if someone construct a message like this:
>
> INVITE sip:12345 at somewhere.com SIP/2.0
> ...
> Route: <sip:12345 at 10.1.1.5;lr>
>
> my proxy will forward it to PSTN gateway and it will make outbound call.
>
> Is this true? Please enlighten me on this.
> Thank you,
>
> Michael
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list