asterisk users - Aug 2011 - security: SIP header spoofing CHANNEL(recvip)?

I am currently suffering various SIP attacks. I am using the following
extension to record the caller's IP address:

exten => h,n,set(CDR(srcip)=${CHANNEL(recvip)})

However, in recent attacks, this IP address is not correct, and I
believe that they are spoofing it. I am using asterisk 1.6.2.15.

Does the CHANNEL(recvip) variable record IP show in the SIP header
instead of the real, UDP source IP? If the CHANNEL(recvip) variable
records the IP address set in the SIP header, and not the real IP
address, how can I obtain the REAL IP address of the caller?

I was wondering if these could be spoofed recently when reading the docs.

Have you tried peerip rather than recvip?

Does that give the same result?

Nic.

-----Original Message-----
From: asterisk-users-bounces at lists.digium.com [mailto:asterisk-users-bounces
at lists.digium.com] On Behalf Of Alejandro Recarey
Sent: 25 August 2011 11:34
To: Asterisk Users Mailing List
Subject: [asterisk-users] security: SIP header spoofing CHANNEL(recvip)?

I am currently suffering various SIP attacks. I am using the following
extension to record the caller's IP address:

exten => h,n,set(CDR(srcip)=${CHANNEL(recvip)})

However, in recent attacks, this IP address is not correct, and I
believe that they are spoofing it. I am using asterisk 1.6.2.15.

Does the CHANNEL(recvip) variable record IP show in the SIP header
instead of the real, UDP source IP? If the CHANNEL(recvip) variable
records the IP address set in the SIP header, and not the real IP
address, how can I obtain the REAL IP address of the caller?

--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users