7 Jun
2005
7 Jun
'05
11:08 a.m.
Juha Heinanen wrote:
Jan Janak writes:
Thus you should not allow loose_routing for out-of-dialog requests. Even
if a customer bypasses your PSTN routing logic by using a sip uri with a
domain which resolves to the IP address of the gateway, you can bill the
call as the user was authenticated.
regards,
klaus
The gateway should check if the request is
coming from the IP and port
of the trusted proxy server and in addition to that it should verify
that the Request-URI contains the IP (not hostname) and port that belongs
to the gateway.
just to let people know, cisco ios gws do NOT check host part of
request-uri belongs to itself and thus happily process any invite they
receive. as far as i know, there is currently no way to configure such
a check in ios gws.