[Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

Eric Wieling eric at fnords.org
Fri Mar 11 11:32:10 MST 2005


Deti Fliegl wrote:

> Hi there,
> 
> all that started by investigating what happens if SIP clients are 
> calling anonymously.
> The problem: Every client who is registered as a regular user with 
> username and secret can fake any callerid in subsequent INVITEs. 
> Asterisk does not apply an accountcode or callerid from sip.conf. Those 
> calls end up unbilled and untraceable.
> 
> Is there any way to fix this problem - did I misunderstand something, 
> what am I doing wrong?

callerid=Anonymous User <5556667777> in [general] in sip.conf.

A better way would be to set context=INVALID (or some other not valid 
context).  Then make sure each client has context=something in their 
[happysipclient] section.

Create a sip.conf entry:
[guest]
context=something
callerid=Anonymous User <5556667777>
disallow=all
allow=gsm

-- 
Always do right. This will gratify some people and astonish the rest.
Mark Twain
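
An added example, not part of the original post or of Asterisk itself: a small audit of a sip.conf for the two things the reply recommends, namely that [general] points at a context that does not exist in the dialplan and that every client section sets its own context= and callerid=. The sample file, the set of dialplan contexts passed in and the function names are constructed for illustration; templates and #include are not resolved.

```python
import re

# Constructed sample following the layout suggested in the reply above.
SAMPLE_SIP_CONF = """\
[general]
context=INVALID            ; not defined in the dialplan
callerid=Anonymous User <5556667777>
[guest]
context=something
callerid=Anonymous User <5556667777>
[happysipclient]
secret=changeme            ; no context= or callerid= in this section
"""


def parse_sip_conf(text):
    """Return {section: {key: value}}; ';' comments are stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        match = re.match(r"\[([^\]]+)\]", line)
        if match:
            current = sections.setdefault(match.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Accept both "key=value" and "key => value".
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections


def audit(text, dialplan_contexts):
    """Return (section, message) findings for the checks described above."""
    conf = parse_sip_conf(text)
    # Assumption: with no context= in [general], chan_sip uses "default".
    general_ctx = conf.get("general", {}).get("context", "default")
    findings = []
    if general_ctx in dialplan_contexts:
        findings.append(("general", f"context={general_ctx} exists in the dialplan"))
    for name, opts in conf.items():
        if name == "general":
            continue
        for key in ("context", "callerid"):
            if key not in opts:
                findings.append((name, f"no {key}= in this section"))
    return findings


if __name__ == "__main__":
    for section, message in audit(SAMPLE_SIP_CONF, {"something"}):
        print(f"[{section}] {message}")
```
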


