[Freeswitch-users] Usecure identification of Gateway (incoming call).
Artur Cichocki
acichocki at supermedia.pl
Tue Jan 18 16:13:56 MSK 2011
Hi.
What is the proper way of gateway identification in incoming call?
The variable_sip_gateway looks like directly taken from the sip_req_user
(username from INVITE).
Examples:
I am using two FS, FS2 as a gateway for FS1. Gateway name "testgw",
username "testuser", and a lua script dumping variables.
Case 1:
=======
Simple configuration according to FS wiki. Everything looks fine,
incoming call from FS2:
FS2: Registred as: Contact: "user"
<sip:gw+testgw at 212.180.x.x:5080;transport=udp;gw=testgw>
FS1: variable_sip_gateway: testgw
Case 2:
=======
Configuration with added:
<param name="extension-in-contact" value="true"/>
FS2: Registered as :Contact: "user"
<sip:testuser at 212.180.x.x:5080;transport=udp;gw=testgw>
FS1: variable_sip_gateway does not exist (!)
Case 3:
=======
Configuration from Case 1.
I am using Linksys SPA adapter, calling FS1 directly by ip, using
"gw+testgw" as a destination user/number.
FS1: variable_sip_gateway: testgw
(looks like serious security flaw)
--
Artur Cichocki
More information about the FreeSWITCH-users
mailing list