[Serusers] IP address spoofing

Greger V. Teigre greger at teigre.com
Fri Jul 7 11:15:36 CEST 2006 

>Hi Greger. SER and Asterisk can be configured to use TCP for SIP/SDP 
>messages?
>

Try this before forwarding the INVITE to Asterisk:
if(!uri_param("transport")) {                                                                                  
  add_uri_param("transport=tcp");                                                                         }   

>The reason I said that the caller wouldn't receive audio is because the 
>callee's RTP stream would be directed to SER, not the caller.
>-- Nick

How come? I don't see rtpproxy or mediaproxy in your setup. So, unless you force an RTP proxy in your SER, I would expect Asterisk and caller to communicate directly on RTP.
g-)



Nick Hoffman wrote:
>> Nick Hoffman wrote:
>>     
>>> Hi guys. Say you have this setup, with an account for the caller on
>>> both Asterisk and SER:
>>>     Caller -> SER -> Asterisk -> VoIP Provider -> Callee
>>>
>>> If the caller were to spoof SER's IP address and place a call directly
>>> to Asterisk (thus circumventing SER), what would happen?
>>>
>>> If the call was in fact setup, obviously the caller would not receive
>>> any audio from the callee. However, would the call be setup? When
>>> Asterisk responds to the caller's request and sends SIP packets back
>>> (to SER), would SER say "I don't know anything about this call!
>>> Asterisk, kill this call please."?
>>>
>>> Thanks for your input!
>>> -- Nick
>>> e: nick.hoffman at altcall.com
>>> p: +61 7 5591 3588
>>> f: +61 7 5591 6588
>>>       
>
>
> On Wed July 5 2006 17:58, "Greger V. Teigre" <greger at teigre.com> wrote:
>   
>> Depends on the config and what type of message the caller managed to
>> make asterisk create...  You could (and probably should) put asterisk on
>> a private routable network (i.e. NATed behind a firewall).  The best
>> would be to put ser and asterisk on the same network and only allow
>> outside world to contact ser and let ser contact asterisk using the
>> private address of asterisk.  Alternatively you could use tcp to
>> asterisk and stop udp traffic.
>>     Why the caller wouldn't receive audio, I don't understand...
>> g-)
>>     
>
>
> Hi Greger. SER and Asterisk can be configured to use TCP for SIP/SDP 
> messages?
>
> The reason I said that the caller wouldn't receive audio is because the 
> callee's RTP stream would be directed to SER, not the caller.
> -- Nick
> e: nick.hoffman at altcall.com
> p: +61 7 5591 3588
> f: +61 7 5591 6588
>
> If you receive this email by mistake, please notify us and do not make any 
> use of the email.  We do not waive any privilege, confidentiality or 
> copyright associated with it.
>
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060707/c61cb2bb/attachment.htm>

More information about the sr-users mailing list