[asterisk-dev] bypass "contactdeny" option with nat=yes

Klaus Darilion
klaus.mailinglists at pernau.at
Tue May  4 14:25:20 CDT 2010

Hi!
As suggested by the bugtracker manager I post this issue on the mailing 
list: https://issues.asterisk.org/view.php?id=17276
The contactdeny option in sip.conf can be used to prevent a user from 
registering certain contact IPs. Therefore, the Contact URI is verified.
But in case of "nat=yes", the contact URI is not even used for routing, 
thus it does not make sense to screen the contact URI. IMO it does not 
even make sense, but it is a bug because if the malicious user sends the 
requests from a denied IP address (e.g. using src-ip-spoofing) it is 
possible to bypass this security option.
The solution is rather easy - in case of nat=yes the rcvd-address should 
be screened instead of the Contact URI.
regards
klaus
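The screening logic the post argues for, written out as an added example (this is not Asterisk's own code and does not use its ACL syntax): the deny list is assumed to be a list of CIDR networks, the Contact header parsing is a simplified assumption sufficient for the constructed sample headers, and the function names `screen_register`, `contact_host` and `is_denied` are hypothetical. With `fixed=False` the check screens the Contact URI host regardless of the nat setting (the behaviour the post reports); with `fixed=True` and nat=yes it screens the received address instead, so a REGISTER whose Contact host is clean but whose source address is on the deny list is rejected.

```python
import ipaddress
import re

# Constructed deny list in CIDR form (assumption: not Asterisk's contactdeny syntax).
DENY_LIST = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.0/24"),
]

# Simplified Contact URI host extraction: optional user@, then a bracketed
# IPv6 literal or a host token ending at ':' (port), ';' (params), '>' or whitespace.
_CONTACT_HOST_RE = re.compile(r"sips?:(?:[^@>;]+@)?(\[[0-9a-fA-F:.]+\]|[^:;>\s]+)")


def contact_host(contact_header):
    """Return the host part of a Contact header value such as '<sip:alice@198.51.100.7:5060>'."""
    m = _CONTACT_HOST_RE.search(contact_header)
    if not m:
        raise ValueError("unparseable Contact header: %r" % contact_header)
    return m.group(1).strip("[]")


def is_denied(address, deny_list=DENY_LIST):
    """True if the address falls inside any denied network.

    A Contact host that is a DNS name rather than an IP literal cannot be
    screened by address, so it is treated as denied (conservative choice
    made for this example).
    """
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return True
    return any(ip in net for net in deny_list)


def screen_register(contact_header, received_ip, nat, fixed=True):
    """Decide whether a REGISTER passes the contactdeny screen.

    Returns (allowed, screened_address).  With the fix applied and nat=yes,
    the address the request was actually received from is screened, because
    that is the address used for routing; otherwise the Contact URI host is.
    """
    if nat and fixed:
        screened = received_ip
    else:
        screened = contact_host(contact_header)
    return (not is_denied(screened), screened)


if __name__ == "__main__":
    # Constructed sample: clean Contact host, but the request arrived from a denied address.
    contact = "<sip:alice@198.51.100.7:5060>"
    for fixed in (False, True):
        allowed, screened = screen_register(contact, "192.0.2.9", nat=True, fixed=fixed)
        print("nat=yes fixed=%s -> screened %s, allowed=%s" % (fixed, screened, allowed))
```

Running the module prints the two outcomes for the same request: without the fix the Contact host 198.51.100.7 is screened and the REGISTER is allowed; with the fix the received address 192.0.2.9 is screened and it is rejected.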