[Asterisk-Users] Asterisk security problem: authorized SIP users
can fake any callerid!
Eric Wieling
eric at fnords.org
Fri Mar 11 11:32:10 MST 2005
Deti Fliegl wrote:
> Hi there,
>
> all that started by investigating what happens if SIP clients are
> calling anonymously.
> The problem: Every client who is registered as a regular user with
> username and secret can fake any callerid in subsequent INVITEs.
> Asterisk does not apply an accountcode or callerid from sip.conf. Those
> calls end up unbilled and untraceable.
>
> Is there any way to fix this problem - did I misunderstand something,
> what am I doing wrong?
callerid=Anonymous User <5556667777> in [general] in sip.conf.
A better way would be to set context=INVALID (or some other not valid
context). Then make sure each client has context=something in their
[happysipclient] section.
Create a sip.conf entry:
[guest]
context=something
callerid=Anonymous User <5556667777>
disallow=all
allow=gsm
--
Always do right. This will gratify some people and astonish the rest.
Mark Twain
More information about the asterisk-users
mailing list