Fake CID when SIP friend authenticated

Hello all,

I did not find any information in the forums, so here is my trouble:

When a SIP friend has successfully authenticated on my server, he can send a caller ID which does not belong to him.
For example: SIP 1717 can send “From: “1704” <sip:1704@” and the call goes through OK, and the CDR gets a record with 1704 and the wrong account code. So I can’t do correct billing.

Force the caller id in their sip.conf entry. Also, using the channel for billing may be better than using the caller ID.

I use a2b for billing, and as far as I can see there, billing goes as was described previously.

Can Asterisk control client SIP friend accounts “sip num register / from sip num during call”?

BTW, the channel also looks like SIP/1704-0000a135 instead of SIP/1717-…

It is bad practice to have user (friend) names that match the extension number; it makes dictionary attacks easy.

It is bad practice to have a friend if you only need a peer.

It is very bad practice to have the same password on everything, or no password on someone you can bill/local users.

As far as Asterisk is concerned, it is dealing with 1704, so there is no way that it can know the true source to correctly force its extension number. I’m not sure that forcing the CLID later than in sip.conf will work for CDRs.

Passwords are not the same; the passwords always differ.

Probably I have not found the best way to bill multiple clients on the same Asterisk server, but what do you suggest I do? How can I be sure that exactly the specified client is performing the call? By IP?

In that case you must have insecure=invite in a context where it is not safe to use.

You need device names that cannot be spoofed by CLIDs, or to configure as pure peers and identify by IP address.

What do you think if I use the following expression:

GotoIf($[$["${SIPPEER(${CHANNEL(peername)})}" != "${CHANNEL(recvip)}"] | $["${SIPPEER(${CHANNEL(peername)})}" = ""]]?hang)

I discovered that if the victim’s SIP is unregistered, ${SIPPEER(${CHANNEL(peername)})} will return nothing,
or, if the victim’s SIP is registered, the IP addresses will not be the same.
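
The advice from the replies (force the caller ID in sip.conf, use device names that are not extension numbers, no insecure=invite) together with the IP check from the last post, written out as a chan_sip configuration sketch. This is an added example, not configuration from any poster in the thread; the device name, context name, secret and trunk name are hypothetical placeholders.

```ini
; ---- sip.conf (chan_sip) --------------------------------------------
[general]
allowguest=no                     ; reject calls from unknown devices

; Before (as described in the thread): the device name is the extension.
; A From: header carrying "1704" is then treated as device 1704, so the
; channel name, caller ID and account code in the CDR all follow it.
;[1717]
;type=friend
;host=dynamic
;secret=PLACEHOLDER

; After: the device name is not a dialable or guessable number, and the
; caller ID and billing key are fixed on the server side.
[dev-7f3a9c]                      ; hypothetical device name for customer 1717
type=friend                       ; type=peer plus a fixed host= if the IP is static
host=dynamic
secret=PLACEHOLDER_LONG_RANDOM    ; unique per device
context=from-customers            ; hypothetical context name
callerid="Customer 1717" <1717>   ; forced, whatever the phone sends in From:
accountcode=1717                  ; what the billing should key on
; insecure=invite is deliberately not set, so every INVITE must authenticate

; ---- extensions.conf ------------------------------------------------
[from-customers]
; Compare the address the matched device registered from with the
; address this INVITE actually arrived from (the check from the last post).
exten => _X.,1,Set(REG_IP=${SIPPEER(${CHANNEL(peername)},ip)})
 same => n,NoOp(peer=${CHANNEL(peername)} reg=${REG_IP} recv=${CHANNEL(recvip)})
 ; Device not registered: SIPPEER returns an empty address.
 same => n,GotoIf($["${REG_IP}" = ""]?reject)
 ; Registered, but the INVITE came from a different address.
 same => n,GotoIf($["${REG_IP}" != "${CHANNEL(recvip)}"]?reject)
 same => n,Dial(SIP/trunk-placeholder/${EXTEN})   ; hypothetical outbound trunk
 same => n,Hangup()
 same => n(reject),Hangup(21)                     ; cause 21: call rejected
```

The IP comparison cannot tell apart two customers who register from behind the same NAT address, so it supplements the forced caller ID and account code rather than replacing them.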