[SR-Users] loose_route security

Klaus Darilion klaus.mailinglists at pernau.at
Mon Apr 18 09:41:57 CEST 2011



Am 17.04.2011 13:54, schrieb Juha Heinanen:
> Iñaki Baz Castillo writes:
> 
>> Depending on our topology we can just ask for authentication for every
>> in-dialog request (unless it comes from a trusted node as a PSTN gw)
>> but without trying to check the identity of the in-dialog request
>> originator. Well, the identity is asserted by the proxy after
>> authentication success. During an in-dialog request it doesn't matter
>> the From/To URI value (this is not true in an initial INVITE in which
>> From is usually used for accounting and CLI.
> 
> inaki,
> 
> lets say that a sip ua has dialog established with pstn gw and the sip
> ua sends refer to pstn gateway for the purpose of transferring the call
> to another pstn destination.  in that case, referred-by uri is used for
> accounting of the new pstn leg.

I use Asterisk as AS/GW and I do not trust Refered-By (especially within
Asterisk it is not authenticated thus it can contain anything) - I use
the peer information in Asterisk internally for accounting.

Of course it should be safe to use Refered-By header if you requires
authentication and check auth-user with Refered-By. (maybe i should add
this to my proxy :)

regards
klaus



More information about the sr-users mailing list