I've noticed that all of the fraud attempts which come to my advertized SRV destinations use ip addresses for the To and From headers and for the INVITE line.
My code to verify that INVITEd addresses are valid expects domain names or hostnames, not ip addresses in those fields. Do any legitimate sip connections, after looking up NAPTR and/or SRV records, use the SRV destinations' addresses in the INVITE attempt? Or always the string from the sip: uri? As NAPTR-advertized SRV targets, they have to accept SIP from everywhere, but like an MX only pass on legitimate-looking calls and refuse the rest. -JimC -- James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6 _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
