[asterisk-users] security: SIP header spoofing CHANNEL(recvip)?

Nic Colledge nic at njcolledge.net
Thu Aug 25 10:24:20 CDT 2011


I was wondering if these could be spoofed recently when reading the docs.

Have you tried peerip rather than recvip?

Does that give the same result?

Nic.

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Alejandro Recarey
Sent: 25 August 2011 11:34
To: Asterisk Users Mailing List
Subject: [asterisk-users] security: SIP header spoofing CHANNEL(recvip)?

I am currently suffering various SIP attacks. I am using the following
extension to record the caller's IP address:

exten => h,n,set(CDR(srcip)=${CHANNEL(recvip)})

However, in recent attacks, this IP address is not correct, and I
believe that they are spoofing it. I am using asterisk 1.6.2.15.

Does the CHANNEL(recvip) variable record IP show in the SIP header
instead of the real, UDP source IP? If the CHANNEL(recvip) variable
records the IP address set in the SIP header, and not the real IP
address, how can I obtain the REAL IP address of the caller?

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users





More information about the asterisk-users mailing list