[asterisk-bugs] [JIRA] (ASTERISK-26089) Invalid security events during boot using PJSIP Realtime
Richard Mudgett (JIRA)
noreply at issues.asterisk.org
Thu Jun 9 17:51:56 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-26089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Mudgett closed ASTERISK-26089.
--------------------------------------
> Invalid security events during boot using PJSIP Realtime
> --------------------------------------------------------
>
> Key: ASTERISK-26089
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26089
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: pjproject/pjsip
> Environment: CentOS, Asterisk 13, PJSIP, Realtime, ODBC
> Reporter: Scott Griepentrog
>
> When Asterisk is configured to use PJSIP with Realtime, the receipt of a SIP REGISTER during bootup (prior to odbc database connections being completed) results in a security event such as InvalidAccountID due to being unable to obtain the account from the database.
> Where the specific customer implementation includes banning IP's based on security events, this causes a window of opportunity for valid endpoints to be banned if they are unlucky enough to attempt REGISTER at the wrong time.
> A workaround for this issue exists in the form of rejecting security events prior to the FullyBooted event being received. However, this issue would probably be better addressed by adding an option to cause PJSIP inbound traffic to be dropped prior to FullyBooted state, so as to avoid transmitting an incorrect 401 Unauthorized response to the endpoint.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list