<div dir="ltr">Hello all,<div><br></div><div>out of curiosity, since i work in the voip field, i am playing with a freeswitch + fusionpbx setup from a few weeks.</div><div>I put it on a linux machine with public ip address, no firewall.</div>
<div>The scenario is quite simple: it has a gateway towards a VoIP provider and one extension that is a softphone behind NAT (in my LAN).</div><div>All works smoothly.</div><div><br></div><div>Of course I received a lot of scans in these days, and i configured my fail2ban to react properly. But yesterday I received a call attempt from a malicious users on the public context (where resides the gateway to my voip provider) and this has been processed.</div>
<div>Of course the call hasn't got through since the called number was not my own number, and it has been dropped in the public context without being transferred to the default context.</div><div>But, if the attacker would guess my public number, i think i could receive a unauthorized call inbound to my softphone.</div>
<div>And since this kind of calls are processed, i think i am suitable to be DDoS-ed.</div><div><br></div><div>There comes a more theoretical question about the SIP protocol (I have posted it on the sip-implementors ML without any reply):</div>
<div><br></div><div><i>Let's have a very common scenario, where a sip "client" A (my freeswitch) interacts with a sip server B<br></i></div><div><div><i>(my voip provider).</i></div><div><i>To keep things simple, the interactions are registrations (REGISTER) and calls (INVITE and ACK).</i></div>
<div><i>The administrator configured A with credentials that have been registered on B, so REGISTERs and INVITEs</i></div><div><i>incoming to B are authenticated.</i></div><div><i><br></i></div><div><i>Now in this network a malicious user appears, let's call it C.</i></div>
<div><i><br></i></div><div><i>Of course it will be not able to send any malicious request to B, since B will ask for credentials (that C does</i></div><div><i>not know) and subsequentially drop the unauthorized requests.</i></div>
<div><i>What about A? What if C sends an unsolicited call to A?</i></div><div><i><br></i></div><div><i>At this point A has a "registration" up with B, so they are exchanging some informations.</i></div><div><i>Is A able to recognize that the call C is sending it is "not related" to its "registration session" with B? (of</i></div>
<div><i>course without dealing with network addresses)</i></div><div><i><br></i></div><div><i>For example, A and B are exchanging some random tags.</i></div><div><i>Are they brought (by protocol, and not as an proprietary extension) in the subsequent dialogs initiated by</i></div>
<div><i>B towards A, so that A can recognize them?</i></div><div><i><br></i></div><div><i>If that is the case, can you point me to the exact point of the RFC that states it?</i></div></div><div><i><br></i></div><div>Thank you to anyone that reached here to read :)</div>
<div><br></div><div>Kind regards,</div><div>Sandro.</div><div><br></div></div>