I think I asked this question before, but I honestly can't remember (been one of those weeks).
How can I avoid someone spoofing caller ID by just putting in fake info into their Display Name field in their UA client? I'd like to be able to replace the display name with one of my choosing (preferably based on some rules about the caller's ID... i.e. if the caller is a user on our system, replace his/her display name with the last name, first name from the DB subscriber info. If the caller is from a different system, remove the display name completely and just pass the sip info so that at least a valid identification is seen).
This involves the dreaded modification of the From: header (although it shouldn't break RFC because it doesn't actually involve modifying the URI.
Is there a reasonable way to do this or does this call for some more module hacking (maybe taking bits from the UAC module and rewriting it to accept an avp or some such) ?
N.
You use check_to and check_from.
As for From modification: Some UAs use From and To for matching messages in the same dialog. These are primarily older ones and allthough the general recommendation is "don't do it", I'm not sure how many of these there are out there now. Anyone?
UAC solves this by changing back and forth. g-)
----- Original Message ----- From: "sip" sip@arcdiv.com To: serusers@lists.iptel.org Sent: Friday, October 21, 2005 03:43 PM Subject: [Serusers] Avoiding caller ID spoofing....
I think I asked this question before, but I honestly can't remember (been one of those weeks).
How can I avoid someone spoofing caller ID by just putting in fake info into their Display Name field in their UA client? I'd like to be able to replace the display name with one of my choosing (preferably based on some rules about the caller's ID... i.e. if the caller is a user on our system, replace his/her display name with the last name, first name from the DB subscriber info. If the caller is from a different system, remove the display name completely and just pass the sip info so that at least a valid identification is seen).
This involves the dreaded modification of the From: header (although it shouldn't break RFC because it doesn't actually involve modifying the URI.
Is there a reasonable way to do this or does this call for some more module hacking (maybe taking bits from the UAC module and rewriting it to accept an avp or some such) ?
N.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
The problem with check_to and check_from are that they don't quite do what I want.
For instance, if Bob Smith with the number 1-101-991-9298 (11019919298@my.server.com) puts, in his display name section "Steve Geldorf" then when he calls someone, they're liable to see the name "Steve Geldorf" and say "Oh... Steve... he's a great guy... I'll answer the phone!" only to be greeted by the grating and unpleasant voice of Bob Smith whom they've been trying to avoid for weeks.
Alternatively, if they enter in to their display name "16612121115@another.server.com" then THAT name will show up on the 'caller ID' incoming call, yet again fooling a good number of people (it's generally pretty easy to fool people) into thinking that they're receiving a call from someone else -- perhaps someone they trust.
The trick would be to either remove the display name field altogether from the From: message and just put the number... or to replace it with a "last_name, first_name" lookup from the database to ensure that, at least for local users, there's accountability... and for remote users dialing in (yes, we allow that), that their valid information is displayed (by valid, I mean that their basic username@domain is displayed).
I've seen this done in many a provider, and I was just wondering if they're simply using Asterisk to get around this security hole, or if they've written their own modules to handle it, or if there's a logical, elegant solution I've yet to see.
N.
On Mon, 24 Oct 2005 07:40:16 +0200, Greger V. Teigre wrote
You use check_to and check_from.
As for From modification: Some UAs use From and To for matching messages in the same dialog. These are primarily older ones and allthough the general recommendation is "don't do it", I'm not sure how many of these there are out there now. Anyone?
UAC solves this by changing back and forth. g-)
----- Original Message ----- From: "sip" sip@arcdiv.com To: serusers@lists.iptel.org Sent: Friday, October 21, 2005 03:43 PM Subject: [Serusers] Avoiding caller ID spoofing....
I think I asked this question before, but I honestly can't remember (been one of those weeks).
How can I avoid someone spoofing caller ID by just putting in fake info into their Display Name field in their UA client? I'd like to be able to replace the display name with one of my choosing (preferably based on some rules about the caller's ID... i.e. if the caller is a user on our system, replace his/her display name with the last name, first name from the DB subscriber info. If the caller is from a different system, remove the display name completely and just pass the sip info so that at least a valid identification is seen).
This involves the dreaded modification of the From: header (although it shouldn't break RFC because it doesn't actually involve modifying the URI.
Is there a reasonable way to do this or does this call for some more module hacking (maybe taking bits from the UAC module and rewriting it to accept an avp or some such) ?
N.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Oh, I see :-) Sorry, I misunderstood. Well, I think many providers handle this by turning off the web server in the UA and only allow config updates through remote download of the config file. If you want to do it server side, the uac module would definitely be the right place to start. g-) ----- Original Message ----- From: "sip" sip@arcdiv.com To: "Greger V. Teigre" greger@teigre.com; serusers@lists.iptel.org Sent: Monday, October 24, 2005 02:15 PM Subject: Re: [Serusers] Avoiding caller ID spoofing....
The problem with check_to and check_from are that they don't quite do what I want.
For instance, if Bob Smith with the number 1-101-991-9298 (11019919298@my.server.com) puts, in his display name section "Steve Geldorf" then when he calls someone, they're liable to see the name "Steve Geldorf" and say "Oh... Steve... he's a great guy... I'll answer the phone!" only to be greeted by the grating and unpleasant voice of Bob Smith whom they've been trying to avoid for weeks.
Alternatively, if they enter in to their display name "16612121115@another.server.com" then THAT name will show up on the 'caller ID' incoming call, yet again fooling a good number of people (it's generally pretty easy to fool people) into thinking that they're receiving a call from someone else -- perhaps someone they trust.
The trick would be to either remove the display name field altogether from the From: message and just put the number... or to replace it with a "last_name, first_name" lookup from the database to ensure that, at least for local users, there's accountability... and for remote users dialing in (yes, we allow that), that their valid information is displayed (by valid, I mean that their basic username@domain is displayed).
I've seen this done in many a provider, and I was just wondering if they're simply using Asterisk to get around this security hole, or if they've written their own modules to handle it, or if there's a logical, elegant solution I've yet to see.
N.
On Mon, 24 Oct 2005 07:40:16 +0200, Greger V. Teigre wrote
You use check_to and check_from.
As for From modification: Some UAs use From and To for matching messages in the same dialog. These are primarily older ones and allthough the general recommendation is "don't do it", I'm not sure how many of these there are out there now. Anyone?
UAC solves this by changing back and forth. g-)
----- Original Message ----- From: "sip" sip@arcdiv.com To: serusers@lists.iptel.org Sent: Friday, October 21, 2005 03:43 PM Subject: [Serusers] Avoiding caller ID spoofing....
I think I asked this question before, but I honestly can't remember (been one of those weeks).
How can I avoid someone spoofing caller ID by just putting in fake info into their Display Name field in their UA client? I'd like to be able to replace the display name with one of my choosing (preferably based on some rules about the caller's ID... i.e. if the caller is a user on our system, replace his/her display name with the last name, first name from the DB subscriber info. If the caller is from a different system, remove the display name completely and just pass the sip info so that at least a valid identification is seen).
This involves the dreaded modification of the From: header (although it shouldn't break RFC because it doesn't actually involve modifying the URI.
Is there a reasonable way to do this or does this call for some more module hacking (maybe taking bits from the UAC module and rewriting it to accept an avp or some such) ?
N.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Greger V. Teigre -
sip