[Asterisk-Users] Asterisk security problem: authorized SIP users
can fake any callerid!
Deti Fliegl
deti at fliegl.de
Fri Mar 11 11:06:20 MST 2005
Hi there,
all that started by investigating what happens if SIP clients are
calling anonymously.
The problem: Every client who is registered as a regular user with
username and secret can fake any callerid in subsequent INVITEs.
Asterisk does not apply an accountcode or callerid from sip.conf. Those
calls end up unbilled and untraceable.
Is there any way to fix this problem - did I misunderstand something,
what am I doing wrong?
Deti
More information about the asterisk-users
mailing list