On Friday 14 December 2007 07:02:37 Juha Heinanen wrote:
> Iñaki Baz Castillo writes:
> > How to handle it? is it not a real security hole?
>
> 1) buy pstn gws that accept no hostnames (just its own ip address) in
> the hostpart of r-uri. example, cisco ios with later software
> releases.

So really isn't there a solution just on the OpenSer-Registrar side??

> 2) forget the hostpart check altogether and instead check the
> userpart, where you have put something special that the gw then
> removes.

So you mean for example:

register.deny:
--------------------
ALL : "^sip:.*secret_word_.*@"
----------------------

And later, in any call to PSTN OpenSer should add:

  $rU = "secret_word_" + $rU;

so the uri arriving to the gw becomes:

  sip:[EMAIL PROTECTED]

And the gw should just allow calls from OpenSer with uri username beginning with "secret_word_" and it should strip it.

Is this what you mean? Anyway, a little complex, isn't it? XDD

Regards.

-- 
Iñaki Baz Castillo
[EMAIL PROTECTED]
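
The userpart scheme discussed in this message, modelled end to end as an added example (not code from the thread or from OpenSER): the registrar's deny pattern, the proxy's prefixing, and the gateway's check and strip. The function names, sample numbers and hosts are assumptions; `secret_word_` is the placeholder used in the message.

```python
import re

# Placeholder marker taken from the message; a real deployment picks its own.
MARKER = "secret_word_"
# Contact pattern from the register.deny rule quoted in the message.
DENY_CONTACT = re.compile(r"^sip:.*secret_word_.*@")


def split_uri(uri):
    """Split 'sip:user@host' into (user, host). Raises ValueError if malformed."""
    _scheme, rest = uri.split(":", 1)
    user, host = rest.split("@", 1)
    return user, host


def registrar_accepts(contact):
    """Registrar: refuse any Contact that carries the marker before the '@'."""
    return DENY_CONTACT.search(contact) is None


def proxy_to_pstn(ruri):
    """Proxy: on calls it has authorised for PSTN, prefix the user part only."""
    user, host = split_uri(ruri)
    return f"sip:{MARKER}{user}@{host}"


def gateway_accepts(ruri):
    """Gateway: return the dialled number with the marker stripped, else None.

    The host part is deliberately ignored, as proposed in the thread.
    """
    user, _host = split_uri(ruri)
    if not user.startswith(MARKER):
        return None
    return user[len(MARKER):]


# Constructed sample URIs (192.0.2.10 and gw.example.net stand for the gateway).
LEGIT_CALL = "sip:0034911234567@192.0.2.10"
CONTACT_PLAIN = "sip:0034911234567@gw.example.net"
CONTACT_MARKED = "sip:secret_word_0034911234567@gw.example.net"

if __name__ == "__main__":
    print("authorised PSTN call ->", gateway_accepts(proxy_to_pstn(LEGIT_CALL)))
    print("plain contact registered:", registrar_accepts(CONTACT_PLAIN),
          "| gateway result:", gateway_accepts(CONTACT_PLAIN))
    print("marked contact registered:", registrar_accepts(CONTACT_MARKED))
```

A Contact that points at the gateway by hostname can still be registered, but a request forwarded to it arrives without the marker and is refused; a Contact that already carries the marker never gets into the location table.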
