> From: RAVI KUMAR [[email protected]]
>
> In my case next register with same call id but CSeq incremented so it
> is a re-register message with same cnonce value.
> But nc value is not incremented. Is this issue? If yes on what
> parameter should we increase the nc value.
> If it is a successive request message for same call with same
> nonce-value then increment nc?

As you know, the nc value is used to prevent replay attacks, where the attacker removes the client-generated Authorization header from one request and attaches it to another request. To implement this, the server will only process one request with any particular combination of nonce and nc; a second request with a nonce/nc combination that the server has already seen will be rejected with a 401/407 response, forcing the client to construct a new request.

Of course, a server may receive the same request several times and must produce the same response to it each time, so the exclusion only applies to a second request which is different from the first request.

In your example, the second request is different from the first request because it has a different CSeq value. Thus it must have a different nc value, or the server will probably reject it. The second request should probably have a different cnonce value as well.

Dale

_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
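
The server-side check described in the reply above, as an added example that is not part of the original thread or of any SIP stack. It assumes the digest response has already been verified, that a retransmission can be recognised by Call-ID, CSeq and method, and that 200 stands in for normal processing; the class and function names and all header values are constructed for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Request:
    call_id: str
    cseq: int
    method: str
    nonce: str
    nc: str       # nonce count as sent in the header: 8 hex digits
    cnonce: str


class ReplayGuard:
    """Accepts each nonce/nc combination for one distinct request only."""

    def __init__(self):
        # (nonce, nc) -> (request fingerprint, status already returned)
        self._seen = {}

    def handle(self, req):
        key = (req.nonce, int(req.nc, 16))
        # Assumption: these three fields identify "the same request".
        fingerprint = (req.call_id, req.cseq, req.method)
        prior = self._seen.get(key)
        if prior is None:
            status = 200  # placeholder for real processing of the request
            self._seen[key] = (fingerprint, status)
            return status
        if prior[0] == fingerprint:
            return prior[1]  # same request received again: same response
        return 401  # different request reusing a seen nonce/nc: challenge


def demo():
    guard = ReplayGuard()
    # Constructed sample values, not taken from a real trace.
    first = Request("a84b4c76e66710@client.example", 1, "REGISTER",
                    "dcd98b7102dd2f0e", "00000001", "0a4f113b")
    reused_nc = replace(first, cseq=2)             # re-REGISTER, nc unchanged
    fixed = replace(first, cseq=2, nc="00000002",  # nc incremented,
                    cnonce="5ccc069c")             # fresh cnonce as well
    return [guard.handle(first), guard.handle(first),
            guard.handle(reused_nc), guard.handle(fixed)]


if __name__ == "__main__":
    print(demo())
```

The third request is the case from the question: CSeq changed but nc did not, so it is challenged, while the fourth is accepted once nc is incremented.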
