Asterisk RealTime bind extension from ipaddr

I’m running a public Asterisk 1.4.22 RealTime system to serve worldwide users which authenticate with userid/pass.

I found a security problem which allows unregistered users to call throught the public system.

Asterisk RT logs the user’s ip address in the ipaddr field In the sip table.
For the example, assume user’s peer SIP/1234 is registered with ipaddr=1.2.3.4

On another Asterisk system, which has an ip address of 1.2.3.4 (like the SIP/1234 ip adrress), I setup a trunk that forwards calls to the public system address.
The problem is that the public system routes out any forwarded call as it was originated from SIP/1234.
The log inidicates that the call is from SIP/1234 !!!

When I remove the ip address of 1.2.3.4 from the sip/ipaddr field of the SIP/1234 peer, then the forwarded call is rejected.

What actually happens is that the public Asterisk RT system matches the ip address of the forwarded call with any peer with the same ipaddr and basically assume that it is the same user without really autheticating it with user/pass.

How can I prevent this security problem?

Any idea will be welcomed

Regards

Assaf