[OpenSER-Users] my small security breach REGISTER

Christian Schlatter cs@unc.edu
Thu Sep 6 14:40:55 CEST 2007


Klaus Darilion wrote:
> This is an old problem - often called registration hijacking.

Some call it a feature: 3rd party registration ;-)

/Christian


> 
> After authentication, use check_to() for REGISTER and check_from() for 
> all other SIP requests.
> 
> regards
> klaus
> 
> Marc LEURENT wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I have a security matter with my configuration (default one), it's 
>> possible to register using login/password and to set anything in the 
>> contact field.
>> So if you have an account 106/password, it's possible to be 105 in the 
>> location database!
>>
>> How is it possible to deny that kind of matter? Thanks
>>
>> Is it useful to use: method_filtering of the REGISTRAR module
>> Or is it better to do something with the values below and a compare 
>> function?
>> $ct - reference to body of contact header
>> $ar - realm from Authorization or Proxy-Authorization header
>> $au - username from Authorization or Proxy-Authorization header
>>
>> if ($ct != $au@$ar) {
>>     sl_send_reply("403", "User and login must be the same");
>> };
>>
>> Best Regards,
>>
>> Marc LEURENT
>>
>>
>> #
>> U 82.127.0.79:1045 -> 88.191.45.91:5060
>> REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0.
>> Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420.
>> From: <sip:105@sd-7501.dedibox.fr:5060;user=phone>;tag=c0a80101-38c0e7.
>> To: <sip:105@sd-7501.dedibox.fr:5060;user=phone>.
>> Call-ID: 29eb6e9-c0a80101-5-17@192.168.95.70.
>> CSeq: 90 REGISTER.
>> Max-Forwards: 70.
>> Expires: 3600.
>> Contact: <sip:105@82.127.0.79:1046;user=phone>.
>> Authorization: Digest username="106", realm="sd-7501.dedibox.fr", 
>> nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", 
>> uri="sip:sd-7501.dedibox.fr",
>> response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth, 
>> cnonce="38c102", nc=00000001.
>> User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4.
>> Allow-Events: refer,dialog,message-summary,check-sync,talk,hold.
>> Content-Length: 0.
>> .
>>
>>
>>         AOR:: 105
>>                 Contact:: sip:105@82.127.0.79:1046;user=phone Q=
>>                         Expires:: 194
>>                         Callid:: 29eb6e9-c0a80101-5-17@192.168.95.70
>>                         Cseq:: 92
>>                         User-agent:: THOMSON ST2030 hw0 fw1.56 
>> 00-0E-50-4E-AF-C4
>>                         Received:: sip:82.127.0.79:1045
>>                         State:: CS_SYNC
>>                         Flags:: 0
>>                         Cflag:: 192
>>                         Socket:: udp:88.191.45.91:5060
>>                         Methods:: 4294967295
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.7 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> iD8DBQFG39AIqjpLE0HiOBYRAiUKAJ9Ilv+Zpbzw89tqWgwmHyVjU/DXugCgjEh8
>> 5XQKEAeiF/L4RWszGC2/yzQ=
>> =SXE9
>> -----END PGP SIGNATURE-----
>>
>> _______________________________________________
>> Users mailing list
>> Users@openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
> 
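The thread's fix is an identity binding done after digest authentication succeeds: for REGISTER the username in To (the AOR being bound) must be the username the credentials belong to, and for every other request the From username must be. The Python below is an added illustration of that check, not code from the thread and not OpenSER's own check_to()/check_from() implementation; it assumes the digest response has already been verified by the proxy and only performs the identity comparison. The REGISTER sample is Marc's trace with the archive's " at " restored to "@" and the Authorization header re-joined as a folded SIP header; the INVITE, its nonce and its response value are constructed placeholders. The realm-versus-domain comparison at the end is this example's own choice, not a claim about what check_to() does.

```python
import re

# Header-name token, user and host of a SIP URI, and Digest key=value pairs.
HEADER_RE = re.compile(r"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+):\s*(.*)$")
USER_RE = re.compile(r"sips?:([^@>;\s]+)@")
HOST_RE = re.compile(r"sips?:(?:[^@>;\s]+@)?([^:;>\s]+)")
PARAM_RE = re.compile(r'([A-Za-z0-9_-]+)=(?:"([^"]*)"|([^,\s]+))')
COMPACT = {"t": "to", "f": "from", "i": "call-id", "m": "contact", "v": "via"}

# Sample from the thread: account 106 authenticates but tries to bind AOR 105.
HIJACK_REGISTER = """REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0
Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420
From: <sip:105@sd-7501.dedibox.fr:5060;user=phone>;tag=c0a80101-38c0e7
To: <sip:105@sd-7501.dedibox.fr:5060;user=phone>
Call-ID: 29eb6e9-c0a80101-5-17@192.168.95.70
CSeq: 90 REGISTER
Max-Forwards: 70
Expires: 3600
Contact: <sip:105@82.127.0.79:1046;user=phone>
Authorization: Digest username="106", realm="sd-7501.dedibox.fr",
 nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", uri="sip:sd-7501.dedibox.fr",
 response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth,
 cnonce="38c102", nc=00000001
User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4
Content-Length: 0

"""

# Constructed INVITE: From user and credential username agree, so it passes.
GOOD_INVITE = """INVITE sip:107@sd-7501.dedibox.fr SIP/2.0
Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bKconstructed
From: "Marc" <sip:106@sd-7501.dedibox.fr>;tag=constructed
To: <sip:107@sd-7501.dedibox.fr>
Call-ID: constructed-1@192.168.95.70
CSeq: 1 INVITE
Max-Forwards: 70
Proxy-Authorization: Digest username="106", realm="sd-7501.dedibox.fr",
 nonce="PLACEHOLDER_NONCE", uri="sip:107@sd-7501.dedibox.fr",
 response="PLACEHOLDER_RESPONSE", algorithm=MD5
Content-Length: 0

"""


def parse_sip(msg):
    """Return (method, headers); headers maps lower-case names to the first
    value seen, with folded continuation lines joined (RFC 3261 section 7.3.1)
    and compact names expanded."""
    lines = msg.splitlines()
    method = lines[0].split(" ", 1)[0]
    fields = []
    for line in lines[1:]:
        if line == "":
            break  # blank line ends the header section
        if line[0] in " \t" and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError("malformed header line: %r" % line)
        name = m.group(1).lower()
        fields.append((COMPACT.get(name, name), m.group(2)))
    headers = {}
    for name, value in fields:
        headers.setdefault(name, value)
    return method, headers


def digest_params(value):
    """Parse 'Digest k="v", k=v, ...' into a dict (values unquoted)."""
    if not value.lower().startswith("digest "):
        return {}
    return {k: (q or b) for k, q, b in PARAM_RE.findall(value[7:])}


def check_identity(msg):
    """Bind the claimed identity to the authenticated one: To user for
    REGISTER, From user for everything else.  Returns (accepted, reason).
    Assumes the digest response itself was already verified."""
    method, headers = parse_sip(msg)
    claimed = headers.get("to" if method == "REGISTER" else "from", "")
    auth = headers.get("authorization") or headers.get("proxy-authorization") or ""
    creds = digest_params(auth)
    if "username" not in creds:
        return False, "no digest credentials"
    user = USER_RE.search(claimed)
    if not user:
        return False, "claimed identity header lacks a user part"
    if user.group(1) != creds["username"]:
        return False, "user %s authenticated as %s" % (user.group(1), creds["username"])
    host = HOST_RE.search(claimed).group(1)
    if host != creds.get("realm"):
        return False, "realm %s does not match domain %s" % (creds.get("realm"), host)
    return True, "ok"


if __name__ == "__main__":
    print(check_identity(HIJACK_REGISTER))  # (False, 'user 105 authenticated as 106')
    print(check_identity(GOOD_INVITE))      # (True, 'ok')
```

Because the credential username is compared with the AOR being registered rather than with the Contact, the registering phone may still put any reachable address in Contact; what it can no longer do is bind that address to somebody else's AOR. Deployments where the login name legitimately differs from the AOR username need a lookup table instead of the plain string comparison used here.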