10 Apr
2006
10 Apr
'06
5:25 p.m.
I was under the impression check_from gathered its data from credentials
(requiring a proxy authorize)...
Still, though, documentation on it being what it is (i.e. a line saying simply
"Check From username against URI table or digest credentials." ), how would I
use it to check if a user isn't in the URI table but is pretending to be?
Couch it in a Search?
Like:
if(search("^From:.*@my.domain.com"))
{
if(!check_from())
{
error and exit
};
};
?
N.
On Mon, 10 Apr 2006 16:40:58 +0200, samuel wrote
check_from() ?
2006/4/10, sip <sip(a)arcdiv.com>om>:
> Is there a way anyone can readily think of to check to see if someone using
> our open proxy is calling through with a From header that attempts to fool the
> recipient into thinking the call is validly from one of our users?
>
> Scenario is this...
>
> While looking at the logs this morning, I noticed someone was calling a
> SIPPhone user through our proxy with a From: address that LOOKED like it was a
> user of ours, but using a username that doesn't actually exist.
>
> I'm wondering if there's anyway to check if someone is calling through us
with
> a From: address that looks like one of our users, but isn't.
>
> N.
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>