Hi Alex,
Thank You, i'm trying to use this config:
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si and $(hdr(Record-Route)[0]{nameaddr.uri})
!= $null) {
xlog("L_INFO","Spoofing attack detected from $si,
blocking");
exit;
} taken from here:
https://www.kamailio.org/wiki/tutorials/security/kamailio-security
but, it is not working because as you said the record-route - can be different, like in my
case: Record-Route: <sip:192.168.1.1;lr;did=637.07c7c2d7>
Temporarily, i solved using this configuration:
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $null) {
if ( search_hf("Record-Route", ";", "f") ) {
$var(record_route) =
$(hdr(Record-Route)[0]{nameaddr.uri}{re.subst,/^sip:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3});.*/\1/});
if($var(record_route)) != $si {
xlogl("L_ERR","Spoofing Attack detected, Blocking\n");
exit;
}
} else {
if($(hdr(Record-Route)[0]{nameaddr.uri}) != $si) {
xlogl("L_ERR","Spoofing Attack detected, Blocking\n");
exit;
}
}
}; but, i'm not sure that this is right configuration - and maybe it could be done
better. How would you solve this problem?
Thank You.