[Serusers] Checking spoofed From headers
sip
sip at arcdiv.com
Mon Apr 10 17:25:27 CEST 2006
I was under the impression check_from gathered its data from credentials
(requiring a proxy authorize)...
Still, though, documentation on it being what it is (i.e. a line saying simply
"Check From username against URI table or digest credentials." ), how would I
use it to check if a user isn't in the URI table but is pretending to be?
Couch it in a Search?
Like:
if(search("^From:.*@my.domain.com"))
{
if(!check_from())
{
error and exit
};
};
?
N.
On Mon, 10 Apr 2006 16:40:58 +0200, samuel wrote
> check_from() ?
> 2006/4/10, sip <sip at arcdiv.com>:
> > Is there a way anyone can readily think of to check to see if someone using
> > our open proxy is calling through with a From header that attempts to fool the
> > recipient into thinking the call is validly from one of our users?
> >
> > Scenario is this...
> >
> > While looking at the logs this morning, I noticed someone was calling a
> > SIPPhone user through our proxy with a From: address that LOOKED like it was a
> > user of ours, but using a username that doesn't actually exist.
> >
> > I'm wondering if there's anyway to check if someone is calling through us with
> > a From: address that looks like one of our users, but isn't.
> >
> > N.
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
More information about the sr-users
mailing list