23 Dec
2008
23 Dec
'08
10:26 a.m.
Juha Heinanen schrieb:
IƱaki Baz Castillo writes:
Not sure if this is enough - the attacker could omit the Route header
pointing to the proxy. Maybe the check should use $dd which is set if
another Route header is present.
regard
klaus
- alice sends this BYE:
BYE sip:PSTN_NUMBER@PSTN_GATEWAY SIP/2.0
Route: <sip:PROXY_IP>
Route: <sip:alice@ALICE_PHONE_IP>
in this particular case, you could call to_gw() and find out that
request is going to gw and, if so, drop the request it is has more than
one route header (the one for the proxy itself).