[Kamailio-Users] uac_replace_from check
Daniel-Constantin Mierla
miconda at gmail.com
Wed Apr 1 15:49:59 CEST 2009
On 04/01/2009 01:35 PM, Juha Heinanen wrote:
> Daniel-Constantin Mierla writes:
>
> > Indeed, there can be an extra check there. Not sure how much protection
> > it adds here. When X calls Y, if caller is trusted (e.g., auth user,
> > trusted peer) then either call goes to costly resource (PSTN) that is
> > also trusted, to a local user or untrusted destination, case in which
> > you route only if does not cost you anything. If local users are not
> > trustable and use "custom UA", then replies can go to first Via,
> > skipping the rest of Via stack, ignoring negative replies after 200ok.
> > Unless there is symmetric nat and they are forced to use the proxy, the
> > safest will be a b2bua.
>
> i don't understand, how the above relates to the security issue that i
> brought up. it has nothing to do with cost, but a possibility to make
> uac send in-dialog requests so that they by-pass the proxy. nasty
> things documented earlier can happen if that is not prevented.
>
I meant protection so that proxy does not lose control of the call. If
proper R-R processing according to specs is avoided on purpose or not by
UA, it is hard to correct something on a proxy.
> > Say you get a 200OK to an INVITE with spoofed r-r, should it be
> > dropped?
>
> definitely yes. there could, for example, be a flag that tells if the
> check needs to be done, so that you don't waste resources needlessly if
> uas is trusted.
>
It is more complex that it looks, proper ending in that stage will be:
- drop 200ok
- send negative reply upstream
- ack downstream
- bye downstream
- catch 200ok for by
If simply drop te 200ok, there will be retransmission flowing around.
Cheers,
Daniel
--
Daniel-Constantin Mierla
More information about the sr-users
mailing list