[asterisk-users] security: SIP header spoofing CHANNEL(recvip)?

Alejandro Recarey alexrecarey at gmail.com
Thu Aug 25 05:33:49 CDT 2011


I am currently suffering various SIP attacks. I am using the following
extension to record the caller's IP address:

exten => h,n,set(CDR(srcip)=${CHANNEL(recvip)})

However, in recent attacks, this IP address is not correct, and I
believe that they are spoofing it. I am using Asterisk 1.6.2.15.

Does the CHANNEL(recvip) variable record the IP shown in the SIP header
instead of the real UDP source IP? If the CHANNEL(recvip) variable
records the IP address set in the SIP header, and not the real IP
address, how can I obtain the REAL IP address of the caller?


