Are you referring to the source address of the SIP REGISTER request itself? If so, you can constrain that, but it would be fairly useless to spoof it in the general sort of way in which all IP spoofing is fairly pointless except in a few very particular scenarios, because the reply will not be routed back correctly to the real initiator.
A more serious problem is the IP address in the Contact binding of the user, which is the actual SIP URI to which incoming calls to a registrant are directed. Without constraining this value, a user can, in principle, submit any Contact URI, including a Contact URI that contains a third-party destination, or, even worse, your own PSTN gateways (which process all calls from trusted IPs, let's say). Now they call their DID and the call is routed back out to the PSTN through your own platform while bypassing any billing mechanisms; huge toll fraud hole.

As far as I know, Asterisk has no way to restrict the content of the domain portion of the Contact URI. However, most commercial SBCs should have a way to filter this, and it is highly recommended that you do so.

gergis.rasmy wrote:

> Is there a way to ensure that the source IP address from which the SIP
> user register is not tampered with, is there a field in the SIP register
> message header can be used to achieve this security?
>
> I have an asterisk server in which SIP users register through an
> SBC (session border controller), I wanna make sure that those users are
> really registering from the IP they are claiming they are registering
> from and that the source IP not changed in the middle of the path
>
> |SIP client|-----------|internet|-----------|SBC|----------|asterisk|
>
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users

--
Alex Balashov - Principal
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
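
Added example, not part of the original message and not code from Asterisk or any SBC: one possible Contact filter of the kind the reply recommends, applied to the Contact header of a REGISTER before the binding is stored. The protected gateway range, the NAT ranges, the accept/rewrite/reject policy and all sample addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed policy values (assumptions, not taken from the thread).
PROTECTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]   # own PSTN gateways
NAT_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')               # display names
URI_RE = re.compile(
    r"sips?:(?:[^@>\s,]*@)?(\[[0-9A-Fa-f:.]+\]|[^:;>\s,]+)", re.I)

def contact_hosts(contact_value):
    """Host part of every SIP/SIPS URI in a Contact header value."""
    bare = QUOTED_RE.sub("", contact_value)
    return [m.group(1).strip("[]") for m in URI_RE.finditer(bare)]

def check_contact(contact_value, source_ip):
    """Return (verdict, reason); verdict is accept, rewrite or reject."""
    src = ipaddress.ip_address(source_ip)
    verdict, reason = "accept", "ok"
    for host in contact_hosts(contact_value):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # A name can resolve anywhere later, so fail closed.
            return "reject", f"hostname in Contact: {host}"
        if any(addr in net for net in PROTECTED_NETS):
            return "reject", f"Contact points at protected gateway {addr}"
        if addr == src:
            continue
        if any(addr in net for net in NAT_NETS):
            # NAT'd client: bind to the observed source, not this value.
            verdict, reason = "rewrite", f"private Contact {addr}, use {src}"
        else:
            return "reject", f"Contact {addr} differs from source {src}"
    return verdict, reason

if __name__ == "__main__":
    # Constructed Contact header values, all "received" from 198.51.100.7.
    for value in ('"Bob" <sip:bob@198.51.100.7:5060;transport=udp>;expires=3600',
                  "<sip:bob@192.168.1.20:5060>",
                  "<sip:15555550100@192.0.2.5>",
                  "sip:bob@203.0.113.9, <sip:bob@198.51.100.7>",
                  "<sip:bob@gw.example.net>"):
        print(check_contact(value, "198.51.100.7"), value)
```

The check belongs on the element that sees the real packet source (the SBC in the diagram above), since Asterisk behind it only sees the SBC's address.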
