On Friday 14 December 2007 07:02:37 Juha Heinanen wrote:
> Iñaki Baz Castillo writes:
> > How to handle it? is it not a real security hole?
>
> 1) buy pstn gws that accept no hostnames (just its own ip address) in
> the hostpart of r-uri. example, cisco ios with later software
> releases.

So really isn't there a solution just on the OpenSer-Registrar side??

> 2) forget the hostpart check all together and instead check the
> userpart, where you have put something special that the gw then
> removes.

So you mean for example:
register.deny:
--------------------
ALL : "^sip:.*secret_word_.*@"
----------------------
And later, in any call to PSTN OpenSer should add:
$rU = "secret_word_" + $rU;
so the uri arriving to the gw becomes:
sip:secret_word_01666555444@gw_ip_or_hostname
And the gw should just allow calls from OpenSer with uri username beginning
with "secret_word_" and it should strip it.
Is this what you mean? Anyway, a little complex, isn't it? XDD
Regards.
--
Iñaki Baz Castillo
ibc(a)in.ilimit.es
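
The three checks discussed in this message (registrar deny rule, proxy prefix, gateway strip), modelled end to end as an added example that is not part of the original post or of OpenSer. The gateway host name and the function names are constructed for illustration; the deny pattern and "secret_word_" are the ones from the message.

```python
import re

SECRET = "secret_word_"  # placeholder token, as used in the message
# Same pattern as the register.deny line in the message.
DENY_CONTACT = re.compile(r"^sip:.*secret_word_.*@")


def split_uri(uri):
    """Split 'sip:user@host' into (user, host); URI parameters are not handled."""
    m = re.fullmatch(r"sip:([^@]+)@(.+)", uri)
    if not m:
        raise ValueError("unsupported URI: " + uri)
    return m.group(1), m.group(2)


def registrar_accepts(contact):
    """Registrar side: refuse any Contact that matches the deny pattern."""
    return DENY_CONTACT.search(contact) is None


def proxy_to_pstn(ruri):
    """Proxy side: prefix only the user part of the R-URI before relaying."""
    user, host = split_uri(ruri)
    return "sip:%s%s@%s" % (SECRET, user, host)


def gateway_route(ruri):
    """Gateway side: return the dialled number, or None if the call is refused."""
    user, _host = split_uri(ruri)
    if not user.startswith(SECRET):
        return None
    return user[len(SECRET):]


if __name__ == "__main__":
    gw = "gw.example.invalid"  # constructed gateway host
    # Call sent to PSTN by the proxy's own routing: tagged, so the gateway accepts it.
    print(gateway_route(proxy_to_pstn("sip:01666555444@" + gw)))
    # Untagged Contact naming the gateway: registrable, but refused by the gateway.
    plain = "sip:01666555444@" + gw
    print(registrar_accepts(plain), gateway_route(plain))
    # Tagged Contact: the gateway would take it, so the registrar has to refuse it.
    tagged = "sip:" + SECRET + "01666555444@" + gw
    print(registrar_accepts(tagged), gateway_route(tagged))
```

The scheme only holds while both halves are in place: the gateway refuses untagged user parts, and the registrar refuses Contacts that already carry the tag.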