<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">2) Your asterisk will immediately try to make the required connection (if it's<br>
configured this way, for example with allowguest=yes, which is necessary for<br>
people, wanting to be reachable for example by ENUM or other publicly<br>
available methods).<br>
It's possible that the call will be established BEFORE the incoming leg<br>
recognizes that nobody is there (because of the spoofed IP address) and it<br>
will cost you money (in the case that the attacker finds an unprotected<br>
prefix from your Asterisk outside). And somebody can maliciously make a fraud<br>
on you, if he wants, and you will be unable to find his identity, because he<br>
never sends a single packet with his real IP address! He can go even further<br>
and by systematically supplying an IP address of someone else, he can cause<br>
that you will block or maybe even try to prosecute an innocent person.<br>
<div class="im"><br></div></blockquote><div><br></div><div>Sorry, I am not following your analogy at all. I have already said I use allowguest=no (beside an if condition easily check for that). My Asterisk server is not a court of law to prosecute innocent people :-) Remember that hackers are looking for money and they just won't attack you for the heck of it or to just confuse you.,</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
> In that case maybe<br>
> Asterisk can pull the IP from network layer of the OS?!<br>
<br>
</div>Of course it can, but please be informed, that at least on systems I'm<br>
running, a lot of attacks are done with spoofed source IP addresses. <br></blockquote><div><br></div><div>There is no such thing as spoofed IP in the TCP/IP world. No one can ever spoof their IP. PERIOD. If Asterisk takes the source address from OS network layer then it won't be the spoofed IP. SIP packets IP spoofing is more of a feature than even being called spoofing.</div>
<div><br></div><div>Best,</div></div>