SIP header spoofing CHANNEL(recvip)?

Home » Asterisk Users » SIP header spoofing CHANNEL(recvip)?
Asterisk Users 1 Comment

I am currently suffering various SIP attacks. I am using the following
extension to record the caller’s IP address:

exten => h,n,set(CDR(srcip)=${CHANNEL(recvip)})

However, in recent attacks, this IP address is not correct, and I
believe that they are spoofing it. I am using asterisk 1.6.2.15.

Does the CHANNEL(recvip) variable record IP show in the SIP header
instead of the real, UDP source IP? If the CHANNEL(recvip) variable
records the IP address set in the SIP header, and not the real IP
address, how can I obtain the REAL IP address of the caller?

One thought on - SIP header spoofing CHANNEL(recvip)?

  • I was wondering if these could be spoofed recently when reading the docs.

    Have you tried peerip rather than recvip?

    Does that give the same result?

    Nic.