I was wondering if these could be spoofed recently when reading the docs. Have you tried peerip rather than recvip?
Does that give the same result? Nic. -----Original Message----- From: asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Alejandro Recarey Sent: 25 August 2011 11:34 To: Asterisk Users Mailing List Subject: [asterisk-users] security: SIP header spoofing CHANNEL(recvip)? I am currently suffering various SIP attacks. I am using the following extension to record the caller's IP address: exten => h,n,set(CDR(srcip)=${CHANNEL(recvip)}) However, in recent attacks, this IP address is not correct, and I believe that they are spoofing it. I am using asterisk 1.6.2.15. Does the CHANNEL(recvip) variable record IP show in the SIP header instead of the real, UDP source IP? If the CHANNEL(recvip) variable records the IP address set in the SIP header, and not the real IP address, how can I obtain the REAL IP address of the caller? -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
