On Wed, Oct 28, 2020 at 2:31 PM Kingsley Tart - Barritel Ltd < kingsley.t...@barritel.com> wrote:
> Hi, > > We're using Asterisk 13.17.0 with PJSIP 2.8 bundled. > > I've found an issue when Asterisk tries to make a SIP call out using > auth, but has the wrong credentials and keeps getting returned a SIP > 407, in this example to an OpenSIPs server requiring user auth. > > Basically this happens: > > 1. Asterisk sends plain INVITE to OpenSIPs > 2. OpenSIPs responds with SIP 407 auth required with a Proxy- > Authenticate header > 3. Asterisk re-sends INVITE to OpenSIPs with Proxy-Authorization > header, but has the wrong password > 4. goto step 2 and repeat forever > > So what we're seeing is Asterisk re-sending an INVITE with incorrect > auth (which is clearly never going to work), about every 2ms. > > The Call-ID remains the same all of the time. > > Shouldn't PJSIP realise that this isn't going to work after a few tries > and give up? > > The only way I've found of stopping the seemingly infinite loop is to > either restart Asterisk or temporarily block network traffic between > the two machines in order to break the cycle. > > Any idea whether this has been fixed in a later version? > This is not yet fixed, but is being worked on. I have it as a security issue currently out of caution (although I don't think we'll treat it as one after further investigation). -- Joshua C. Colp Asterisk Technical Lead Sangoma Technologies Check us out at www.sangoma.com and www.asterisk.org
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users