On 7/13/14 8:46 PM, James Cloos wrote:
I've noticed that all of the fraud attempts which come to my advertized
SRV destinations use ip addresses for the To and From headers and for the
INVITE line.
My code to verify that INVITEd addresses are valid expects domain names
or hostnames, not ip addresses in those fields.
Do any legitimate sip connections, after looking up NAPTR and/or SRV
records, use the SRV destinations' addresses in the INVITE attempt?
Or always the string from the sip: uri?
As NAPTR-advertized SRV targets, they have to accept SIP from
everywhere, but like an MX only pass on legitimate-looking calls
and refuse the rest.
How are clients obtaining URIs that reference your destinations? In
principle, the URIs that identify your destinations are strictly your
business. If you give out only URIs with domain names, then that is what
clients should be using. Only servers that are "responsible for the
domain" are permitted to translate those URIs.
So, if you only hand out URIs with domain names, you should feel free to
reject requests where the R-URI has your IP address.
Do your URIs contain names, or phone numbers in the user part?
Common practice has developed that servers are free to manipulate any
URI that appears to include a phone number, replacing the domain name as
they see fit.
IMO this is *wrong*, but I haven't been able to convince anybody else of
that.
Thanks,
Paul
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
