[SR-Users] Record-Route IP Value
Alex Balashov
abalashov at evaristesys.com
Wed Nov 1 00:05:32 CET 2017
Hi,
A cleaner solution might make use of this, when processing in-dialog
requests where the Record-Route would have been turned into a Route set:
https://www.kamailio.org/wiki/cookbooks/5.0.x/pseudovariables#route_uri_-_uri_in_first_route_header
You could set a dialog-persistent variable indicating the original
source address of the caller and callee next-hops:
https://www.kamailio.org/wiki/cookbooks/5.0.x/pseudovariables#dlg_var_key
And then check in the onsend_route if the next-hop address,
https://www.kamailio.org/wiki/cookbooks/5.0.x/pseudovariables#next_hop_addressa
compares to one of those endpoints.
However, I would ask why you are so concerned about this particular
spoof attack. Putting a third-party address in Record-Route only affects
in-dialog requests (end-to-end ACK, BYE, re-INVITE, etc.), which, if
they cannot be matched to an existing dialog known by that destination,
will simply be discarded.
I would be more concerned about Contact spoofing in the registrar, if
you are using it.
-- Alex
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
More information about the sr-users
mailing list