What gives you that idea? Most likely, they spoofed an IP.
Paul Belanger <paul.belan...@polybeacon.com> wrote:
>On Thu, Mar 7, 2013 at 5:24 PM, Alex Balashov
><abalas...@evaristesys.com> wrote:
>> Because digest authentication is a far from self-evident or universal
>> use-case for Kamailio.
>>
>>
>> Paul Belanger <paul.belan...@polybeacon.com> wrote:
>>>
>>> Greeting,
>>>
>>> Hopefully, I'm understanding the following default kamailio.cfg[1]
>>> file. Over the weekend, I was attached by SipVicious. Following
>>> along with the example Daniel[2] create with kamailio and asterisk,
>I
>>> have almost the same setup. Rather then storing my SIP profiles in
>>> Asterisk database, I have then in Kamailio.
>>>
>>> To my point, the attacker was actually able to by pass any sort of
>>> authentication, but simply sending an INIVTE message:
>>>
>>> ./svmap.py -e 18885551234 kamailio.example.org -m INVITE
>>>
>>> Which kamailio, forwarded to Asterisk and because there is no
>>> additional auth within asterisk, was able to hit the asterisk
>context
>>> for getting processed (they did not get out to the real world).
>>> However, my question is.... why do we not
>>> authenticate INVITE
>>> messages? If my understanding is correct, if would require
>something
>>> like the following:
>>>
>>> if (is_method("INVITE")) {
>>> if (!proxy_authorize("$fd", "subscriber")) {
>>> proxy_challenge("$fd", "0");
>>> exit;
>>> }
>>> }
>>>
>>> If so, why not also do it in the default configuration file?
>>>
>>> [1]
>>>
>http://git.sip-router.org/cgi-bin/gitweb.cgi?p=sip-router;a=blob_plain;f=etc/kamailio.cfg;hb=HEAD
>>> [2]
>>>
>http://kb.asipto.com/asterisk:realtime:kamailio-3.3.x-asterisk-10.7.0-astdb
>>
>So that is what confuses me. Why do we authenticate only when the
>user requests it?
>
>--
>Paul Belanger | PolyBeacon, Inc.
>Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode)
>Github: https://github.com/pabelanger | Twitter:
>https://twitter.com/pabelanger
>
>_______________________________________________
>SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>sr-users@lists.sip-router.org
>http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Sent from my Nexus 10, with all the figments of autocorrect that might imply.
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Decatur, GA 30030
United States
Tel: +1-678-954-0670
Web: http://www.evaristesys.com/, http://www.alexbalashov.com/_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
