[OpenSER-Users] Security hole in REGISTER's Contact using domain

[Juha Heinanen]

Iñaki Baz Castillo writes:

 > How to handle it? is it not a real security hole?

1) buy pstn gws that accept no hostnames (just its own ip address) in
  the hostpart of r-uri.  example, cisco ios with later software
  releases.

2) forget the hostpart check all together and instead check the
   userpart, where you have put something special that the gw then
   removes.

-- juha