Hello,
I'm trying to comprehend loose routing concept and I have a question that concerns me. As far as I understand loose routing says that if there're Route headers in a message it should be forwarded according to the URIs set in Route headers. I thought that this is true only within a dialog, but RFC3261 (part 16.6) says: "Requests establishing a dialog may contain a preloaded Route header field." Also SER manual says: " the failure not to include loose routing in your scripts may lead to infinite loops. Make sure that you include the following script fragment immediately after request sanity checks" and provide the following piece of code: if (loose_route()) { t_relay(); break; };
which as far as I understand unconditionally forwards message if Route header is present. So I'm wondering what about security? If I follow this guidelines how I would shield my PSTN gateway if anyone can construct message and pre-load it with URI of my gateway and all my proxies must honor it. For example I have a PSTN gateway on ip address 10.1.1.5 and proxy on 10.1.1.10 that supposed to interface outside world. So I guess if someone construct a message like this:
INVITE sip:12345@somewhere.com SIP/2.0 ... Route: sip:12345@10.1.1.5;lr
my proxy will forward it to PSTN gateway and it will make outbound call.
Is this true? Please enlighten me on this. Thank you,
Michael