[Serusers] Checking spoofed From headers

sip sip at arcdiv.com
Mon Apr 10 19:53:31 CEST 2006 

Okay... that clearly didn't work. As I expected, it requires me to do a proxy
authorize before doing the check_from in order to get the credentials. The
problem is, this is an open proxy, so I don't WANT people to have to authorize
before calling through. I just want some way of making sure they ARE a valid
user if they claim to be. 

Am I going to have to do a search("^From:.*@my.domain.com")) and then
proxy_authorise and check from... essentially only authenticating users who
claim to be from my system? 

I'll give it a shot. Seems kind of backward, though. 

N.


On Mon, 10 Apr 2006 11:25:27 -0400, sip wrote
> I was under the impression check_from gathered its data from credentials
> (requiring a proxy authorize)...
> 
> Still, though, documentation on it being what it is (i.e. a line 
> saying simply "Check From username against URI table or digest 
> credentials." ), how would I use it to check if a user isn't in the 
> URI table but is pretending to be? Couch it in a Search?
> 
> Like:
> 
> if(search("^From:.*@my.domain.com"))
> {
>    if(!check_from())
>    {
>       error and exit
>    };
> };
> 
> ?
> 
> N.
> 
> On Mon, 10 Apr 2006 16:40:58 +0200, samuel wrote
> > check_from() ?
> > 2006/4/10, sip <sip at arcdiv.com>:
> > > Is there a way anyone can readily think of to check to see if someone using
> > > our open proxy is calling through with a From header that attempts to
fool the
> > > recipient into thinking the call is validly from one of our users?
> > >
> > > Scenario is this...
> > >
> > > While looking at the logs this morning, I noticed someone was calling a
> > > SIPPhone user through our proxy with a From: address that LOOKED like it
was a
> > > user of ours, but using a username that doesn't actually exist.
> > >
> > > I'm wondering if there's anyway to check if someone is calling through
us with
> > > a From: address that looks like one of our users, but isn't.
> > >
> > > N.
> > >
> > > _______________________________________________
> > > Serusers mailing list
> > > serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
> > >
> 
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list