You could try the following:
If ser detects an outgoing call (like hisdomain.com), it starts an
external script (cpl-c module in ser) which lookups the domain (dig,
nslookup) and verifies it against the IP address of the asterisk box.
You would also have to take care of multiple returned IP addresses and
srv records for this domain as ser also uses them for resolving a
destination.
regards,
klaus
Michael Kreilmeier wrote:> Hello!
>
> Does anybody know of a way to access the Request URI in a SIP message?
>
> I've got the following problem/scenario:
>
> We have a SIP Proxy (SER) wich forwards SIP-messages for non-IP
> destinations to our Asterisk. There is no authentication done between
> Asterisk and SER. I've configured Asterisk to accept any request for a
> PSTN-line from SER's IP-address.
> Since we allow IP-to-IP calls for free somebody could trick us by doing
> the following:
>
> He buys a domain and resolves "hisdomain.com" to our Asterisk-IP.
Now he
> calls "someone@hisdomain.com" using our proxy (that's ok if
he is a
> registered with us). SER resolves "hisdomain.com" and forwards
the call
> to Asterisk. If "someone@hisdomain.com" looks like
> "00431234567@hisdomain.com" asterisk is dialing this PSTN-number.
>
> So my solution would be to match the domainname in the SIP-Request-URI
> against our domain or the Asterisk-IP. How could I do that?
>
> Thanks in advance for any information,
> Michael Kreilmeier
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users@lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
>