[Asterisk-Users] Asterisk security problem: authorized SIP users can
fake any callerid!
Edwin Groothuis
edwin at mavetju.org
Fri Mar 11 14:02:12 MST 2005
On Fri, Mar 11, 2005 at 01:13:25PM -0600, asterisk-users-request at lists.digium.com wrote:
> all that started by investigating what happens if SIP clients are
> calling anonymously.
> The problem: Every client who is registered as a regular user with
> username and secret can fake any callerid in subsequent INVITEs.
> Asterisk does not apply an accountcode or callerid from sip.conf. Those
> calls end up unbilled and untraceable.
I have had this problem too, and was honestly expecting the regexten
to show up there instead of the number provided by the user (at
least with CALLERIDNUM)
> Is there any way to fix this problem - did I misunderstand something,
> what am I doing wrong?
Besides setting it in the sip.conf (callerid="Foo Bar" <911>), no.
Edwin
--
Edwin Groothuis | Personal website: http://www.mavetju.org
edwin at mavetju.org | Weblog: http://weblog.barnet.com.au/edwin/
More information about the asterisk-users
mailing list