[OpenSER-Users] my small security breach REGISTER

Daniel-Constantin Mierla daniel at voice-system.ro
Thu Sep 6 14:47:24 CEST 2007



On 09/06/07 15:40, Christian Schlatter wrote:
> Klaus Darilion wrote:
>> This is an old problem - often called registration hijacking.
>
> Some call it a feature: 3rd party registration ;-)
Indeed, to make everybody happy, the solution is provided by 
uri_db/check_from(), as stated in this thread. By that, any user can set 
a list of other users that can do registrations on its behalf; that's 
what the uri table is for.

Daniel

>
> /Christian
>
>
>>
>> After authentication, use check_to() for REGISTER and check_from() 
>> for all other SIP requests.
>>
>> regards
>> klaus
>>
>> Marc LEURENT schrieb:
>>>
>>> I have a security matter with my configuration (the default one): it's 
>>> possible to register using a login/password and to set anything in the 
>>> Contact field.
>>> So if you have an account 106/password, it's possible to be 105 in 
>>> the location database!
>>>
>>> How is it possible to deny that kind of thing? Thanks
>>>
>>> Is it useful to use method_filtering of the REGISTRAR module?
>>> Or is it better to do something with the values below and a compare 
>>> function?
>>> $ct - reference to body of contact header
>>> $ar - realm from Authorization or Proxy-Authorization header
>>> $au - username from Authorization or Proxy-Authorization header
>>>
>>> if ($ct != $au@$ar) {
>>>     sl_send_reply("403", "User and login must be the same");
>>> };
>>>
>>> Best Regards,
>>>
>>> Marc LEURENT
>>>
>>>
>>> #
>>> U 82.127.0.79:1045 -> 88.191.45.91:5060
>>> REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0.
>>> Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420.
>>> From: <sip:105 at sd-7501.dedibox.fr:5060;user=phone>;tag=c0a80101-38c0e7.
>>> To: <sip:105 at sd-7501.dedibox.fr:5060;user=phone>.
>>> Call-ID: 29eb6e9-c0a80101-5-17 at 192.168.95.70.
>>> CSeq: 90 REGISTER.
>>> Max-Forwards: 70.
>>> Expires: 3600.
>>> Contact: <sip:105 at 82.127.0.79:1046;user=phone>.
>>> Authorization: Digest username="106", realm="sd-7501.dedibox.fr", 
>>> nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", 
>>> uri="sip:sd-7501.dedibox.fr",
>>> response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, 
>>> qop=auth, cnonce="38c102", nc=00000001.
>>> User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4.
>>> Allow-Events: refer,dialog,message-summary,check-sync,talk,hold.
>>> Content-Length: 0.
>>> .
>>>
>>>
>>>         AOR:: 105
>>>                 Contact:: sip:105 at 82.127.0.79:1046;user=phone Q=
>>>                         Expires:: 194
>>>                         Callid:: 29eb6e9-c0a80101-5-17 at 192.168.95.70
>>>                         Cseq:: 92
>>>                         User-agent:: THOMSON ST2030 hw0 fw1.56 
>>> 00-0E-50-4E-AF-C4
>>>                         Received:: sip:82.127.0.79:1045
>>>                         State:: CS_SYNC
>>>                         Flags:: 0
>>>                         Cflag:: 192
>>>                         Socket:: udp:88.191.45.91:5060
>>>                         Methods:: 4294967295
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>
>
>
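The rule Klaus describes (after authentication, the To URI of a REGISTER must match the digest credentials; the From URI for other requests), applied to the captured REGISTER above. This is an added Python illustration of that check, not OpenSER's uri_db code and not from the thread; the sample messages are reconstructed from the capture, with the "@" that mailman rewrote as " at " restored.

```python
import re

# Constructed from the REGISTER captured in the thread; only the headers the
# check needs are kept. User 106 authenticates but registers AOR 105.
HIJACK_REGISTER = (
    "REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0\r\n"
    "From: <sip:105@sd-7501.dedibox.fr:5060;user=phone>;tag=c0a80101-38c0e7\r\n"
    "To: <sip:105@sd-7501.dedibox.fr:5060;user=phone>\r\n"
    "Contact: <sip:105@82.127.0.79:1046;user=phone>\r\n"
    'Authorization: Digest username="106", realm="sd-7501.dedibox.fr", '
    'nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", uri="sip:sd-7501.dedibox.fr", '
    'response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth\r\n'
    "Content-Length: 0\r\n\r\n"
)
# Constructed legitimate case: the same request with To/From matching the credentials.
LEGIT_REGISTER = HIJACK_REGISTER.replace("sip:105@sd-7501", "sip:106@sd-7501")

def parse_headers(msg):
    """Return (method, {lowercased header name: value}) for one SIP request."""
    lines = msg.split("\r\n\r\n", 1)[0].split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers

def uri_user_and_host(header_value):
    """user and host of the URI in a To/From header: <sip:user@host[:port];params>."""
    m = re.search(r"sips?:([^@>;]+)@([^:;>]+)", header_value)
    return (m.group(1), m.group(2)) if m else (None, None)

def digest_credentials(auth_value):
    """username and realm from a Digest (Proxy-)Authorization header."""
    user = re.search(r'username="([^"]*)"', auth_value)
    realm = re.search(r'realm="([^"]*)"', auth_value)
    return (user.group(1) if user else None, realm.group(1) if realm else None)

def check_identity(msg):
    """Approximation of uri_db check_to()/check_from(): the authenticated
    username@realm must equal user@host of the To (REGISTER) or From (other) URI."""
    method, h = parse_headers(msg)
    auth = h.get("authorization") or h.get("proxy-authorization")
    if auth is None:
        return False, "no credentials"
    user, realm = digest_credentials(auth)
    hdr = "to" if method == "REGISTER" else "from"
    uri_user, uri_host = uri_user_and_host(h.get(hdr, ""))
    if (uri_user, uri_host) != (user, realm):
        return False, f"{hdr} {uri_user}@{uri_host} != credentials {user}@{realm}"
    return True, "ok"
```

Run against the capture, check_identity() rejects the request (To user 105 with credentials for 106), which is where the proxy should answer 403 instead of saving the contact; the reconstructed legitimate REGISTER passes.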
