[Asterisk-Users] Asterisk security problem: authorized SIP users can fake any callerid!

Edwin Groothuis edwin at mavetju.org
Fri Mar 11 14:02:12 MST 2005


On Fri, Mar 11, 2005 at 01:13:25PM -0600, asterisk-users-request at lists.digium.com wrote:
> all that started by investigating what happens if SIP clients are 
> calling anonymously.
> The problem: Every client who is registered as a regular user with 
> username and secret can fake any callerid in subsequent INVITEs. 
> Asterisk does not apply an accountcode or callerid from sip.conf. Those 
> calls end up unbilled and untraceable.

I have had this problem too, and was honestly expecting the regexten
to show up there instead of the number provided by the user (at
least with CALLERIDNUM).

> Is there any way to fix this problem - did I misunderstand something, 
> what am I doing wrong?

Besides setting it in the sip.conf (callerid="Foo Bar" <911>), no.

Edwin
-- 
Edwin Groothuis      |            Personal website: http://www.mavetju.org
edwin at mavetju.org    |          Weblog: http://weblog.barnet.com.au/edwin/
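
A configuration check for the mitigation named in the reply above, as an added example that is not part of the original post: it lists sip.conf entries that authenticate with a secret but set no callerid or accountcode. The sample config is constructed, and templates and #include files are not resolved.

```python
import re

# Constructed sample in chan_sip sip.conf syntax; names and secrets are made up.
SAMPLE_SIP_CONF = """\
[general]

[alice]
type=friend
secret=s3cret
callerid="Alice" <1001>
accountcode=cust-alice

[bob]
type=friend
secret=hunter2
; no callerid/accountcode: calls carry whatever the INVITE claims

[trunk-out]
type=peer
host=203.0.113.10
"""

SECTION = re.compile(r"^\[([^\]]+)\]")
REQUIRED = ("callerid", "accountcode")

def parse_sections(text):
    """Return {section: {key: value}}; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """Map each entry that authenticates with a secret to the settings it lacks."""
    findings = {}
    for name, opts in parse_sections(text).items():
        if "type" in opts and "secret" in opts:
            missing = [k for k in REQUIRED if not opts.get(k)]
            if missing:
                findings[name] = missing
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_SIP_CONF))
```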


