[Asterisk-Users] verify Request URI

Michael Kreilmeier lists at kreilmeier.at
Wed May 19 03:41:47 MST 2004


Hello!

Does anybody know of a way to access the Request URI in a SIP message?

I've got the following problem/scenario:

We have a SIP Proxy (SER) wich forwards SIP-messages for non-IP 
destinations to our Asterisk. There is no authentication done between 
Asterisk and SER. I've configured Asterisk to accept any request for a 
PSTN-line from SER's IP-address.
Since we allow IP-to-IP calls for free somebody could trick us by doing 
the following:

He buys a domain and resolves "hisdomain.com" to our Asterisk-IP. Now he 
calls "someone at hisdomain.com" using our proxy (that's ok if he is a 
registered with us). SER resolves "hisdomain.com" and forwards the call 
to Asterisk. If "someone at hisdomain.com" looks like 
"00431234567 at hisdomain.com" asterisk is dialing this PSTN-number.

So my solution would be to match the domainname in the SIP-Request-URI 
against our domain or the Asterisk-IP. How could I do that?

Thanks in advance for any information,
Michael Kreilmeier




More information about the asterisk-users mailing list