> > Asterisk 1.4.42 > > > > Set alwaysauthreject=yes in [general] section of sip.conf. > > Restarted asterisk > > > > However when I attempt to register I still get: > > [2012-08-08 21:11:34] NOTICE[15689] chan_sip.c: Registration from > > '<sip:[email protected]>' failed for '121.98.1.1' - > Wrong > > password > > [2012-08-08 21:12:42] NOTICE[15689] chan_sip.c: Registration from > > '<sip:[email protected]>' failed for '121.98.1.1' - No > > matching peer found > > > > Based on the Asterisk security advisory > > (http://downloads.asterisk.org/pub/security/AST-2011-011.html) I > would > > have expected 1.4.42 to respond the same in both cases (since the > > issue was fixed in 1.4.41.2). Am I missing something obvious? > > Yes. > > Those are log messages for the administrator's benefit. They are not > SIP messages sent in response to the REGISTER request. The SIP > messages sent are supposed to be the same not the logging messages. > Yes I agree they are supposed to be the same but they are not. Below is the dialog when a wrong password is provided with alwaysauthreject=yes:
U 121.98.1.1:1025 -> 203.89.1.1:5060 REGISTER sip:domain.com SIP/2.0..Via: SIP/2.0/UDP 192.168.1.103:5060;branch=z9hG4bK-d8754z-d88996fba8b1fd8c-1---d8754z- ;rport..Max-Forwards: 70..C ontact: <sip:[email protected]:5060;rinstance=da68419a02006162>. .To: <sip:[email protected]>..From: <sip:1232222 [email protected]>;tag=f910aa53..Call-ID: ZmM4YTU4NTg2MWNhYzVkYTBhN2Q2MjA1YmUyMmYzY2E...CSeq: 1 REGISTER..Expires: 3600..Allow: INVITE, ACK, CANC EL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 5.0.0 stamp 67284..Content-Length: 0.... U 203.89.1.1:5060 -> 121.98.1.1:1025 SIP/2.0 100 Trying..Via: SIP/2.0/UDP 192.168.1.103:5060;branch=z9hG4bK-d8754z-d88996fba8b1fd8c-1---d8754z- ;received=121.98.1.1;rport=1025..From: <sip:000333 [email protected]>;tag=f910aa53..To: <sip:[email protected]>..Call-ID: ZmM4YTU4NTg2MWNhYzVkYTBhN2Q2MjA1YmUyMmYzY 2E...CSeq: 1 REGISTER..User-Agent: Asterisk PBX..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO..Supported: replaces..Content-Length: 0.... U 203.89.1.1:5060 -> 121.98.1.1:1025 SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 192.168.1.103:5060;branch=z9hG4bK-d8754z-d88996fba8b1fd8c-1---d8754z- ;received=121.98.1.1;rport=1025..From: <sip: [email protected]>;tag=f910aa53..To: <sip:[email protected]>;tag=as16fea110..Call- ID: ZmM4YTU4NTg2MWNhYzVk YTBhN2Q2MjA1YmUyMmYzY2E...CSeq: 1 REGISTER..User-Agent: Asterisk PBX..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO..Supported: repla ces..WWW-Authenticate: Digest algorithm=MD5, realm="domain.com", nonce="2f48b121"..Content-Length: 0.... U 121.98.1.1:1025 -> 203.89.1.1:5060 REGISTER sip:domain.com SIP/2.0..Via: SIP/2.0/UDP 192.168.1.103:5060;branch=z9hG4bK-d8754z-5c88940128ede618-1---d8754z- ;rport..Max-Forwards: 70..C ontact: <sip:[email protected]:5060;rinstance=da68419a02006162>. .To: <sip:[email protected]>..From: <sip:1232222 [email protected]>;tag=f910aa53..Call-ID: ZmM4YTU4NTg2MWNhYzVkYTBhN2Q2MjA1YmUyMmYzY2E...CSeq: 2 REGISTER..Expires: 3600..Allow: INVITE, ACK, CANC EL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO..User-Agent: X-Lite release 5.0.0 stamp 67284..Authorization: Digest username="12322222261336",re alm="domain.com",nonce="2f48b121",uri="sip:c-vm- 02.domain.com",response="cb74a7805412a3ac198800aeede3c06e",algorit hm=MD5..Content-Length: 0.... U 203.89.1.1:5060 -> 121.98.1.1:1025 SIP/2.0 100 Trying..Via: SIP/2.0/UDP 192.168.1.103:5060;branch=z9hG4bK-d8754z-5c88940128ede618-1---d8754z- ;received=121.98.1.1;rport=1025..From: <sip:000333 [email protected]>;tag=f910aa53..To: <sip:[email protected]>..Call-ID: ZmM4YTU4NTg2MWNhYzVkYTBhN2Q2MjA1YmUyMmYzY 2E...CSeq: 2 REGISTER..User-Agent: Asterisk PBX..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO..Supported: replaces..Content-Length: 0.... SIP/2.0 403 Forbidden (Bad auth)..Via: SIP/2.0/UDP 192.168.1.103:5060;branch=z9hG4bK-d8754z-5c88940128ede618-1---d8754z- ;received=121.98.1.1;rport=1025..Fro m: <sip:[email protected]>;tag=f910aa53..To: <sip:[email protected]>;tag=as16fea110..Call-ID: ZmM4YTU4NTg2 MWNhYzVkYTBhN2Q2MjA1YmUyMmYzY2E...CSeq: 2 REGISTER..User-Agent: Asterisk PBX..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO..Supporte d: replaces..Content-Length: 0.... Is this a bug or am I missing something obvious? -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
