[asterisk-bugs] [JIRA] (ASTERISK-27864) Create NOTICE for INVITES with no matching peer

Sean Darcy (JIRA) noreply at issues.asterisk.org
Fri May 18 16:41:55 CDT 2018 

Sean Darcy created ASTERISK-27864:
-------------------------------------

             Summary: Create NOTICE for INVITES with no matching peer
                 Key: ASTERISK-27864
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27864
             Project: Asterisk
          Issue Type: Improvement
      Security Level: None
          Components: Channels/chan_sip/General
    Affects Versions: 13.21.0
         Environment: Fedora 27
            Reporter: Sean Darcy


<--- SIP read from UDP:192.111.139.146:29281 --->
INVITE sip:+48223079992@<my-ip>:5060 SIP/2.0
Via: SIP/2.0/UDP 100.149.241.68:5060;branch=z4hG4bK-966187-1---q9ft4HdLB4ZeBqs;rport=5060
Contact: <sip:9353 at 100.149.241.68:5060>;+sip.instance="<urn:uuid:4B444A32-23FD-4E49-8C99-12077A118D8F>"
Max-Forwards: 70
To: <sip:+48223079992@<my-ip>:5060>
From: "Caller"<sip:9353@<my-ip>:5060>;tag=sXPNixD5Ui42V
Call-ID: _zIr9tDtBxeTVTY5F7z8kD7R..
CSeq: 101 INVITE
Content-Type: application/sdp
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, REGISTER, SUBSCRIBE, INFO
Supported: replaces
User-Agent: GSM
Allow-Events: hold, talk, conference
Accept: application/sdp
Content-Length: 771

v=0
o=CiscoSystemsSIP-IPPhone 18338 11953 IN IP4 100.149.241.68
s=SIP Call
c=IN IP4 100.149.241.68
t=0 0
m=audio 20000 RTP/AVP 0 8 18 101
a=rtpmap:3 gsm/8000
a=rtpmap:96 speex/8000
a=rtpmap:97 speex/8000
a=fmtp:97 mode=2
a=rtpmap:98 speex/8000
a=fmtp:98 mode=5
a=rtpmap:99 speex/8000
a=fmtp:99 mode=7
a=rtpmap:107 speex/32000
a=fmtp:107 mode=10
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:108 ilbc/8000
a=rtpmap:113 g7231/8000
a=rtpmap:18 g729/8000
a=rtpmap:100 G726-16/8000
a=rtpmap:101 G726-24/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:103 G726-40/8000
a=rtpmap:4 g723/8000
a=fmtp:18 annexb=no
a=rtpmap:109 ilbc/8000
a=fmtp:109 mode=20
a=rtpmap:110 telephone-event/8000
a=fmtp:110 0-15
a=ptime:20
a=sendrecv
<------------->
--- (15 headers 34 lines) ---
Sending to 192.111.139.146:29281 (NAT)
Sending to 192.111.139.146:29281 (NAT)
Using INVITE request as basis request - _zIr9tDtBxeTVTY5F7z8kD7R..
No matching peer for '9353' from '192.111.139.146:29281'
..............
Which then generates a lot of transmissions showing Unauthorized:
..............
Retransmitting #10 (NAT) to 192.111.139.146:29281:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 100.149.241.68:5060;branch=z4hG4bK-966187-1---q9ft4HdLB4ZeBqs;received=192.111.139.146;rport=29281
From: "Caller"<sip:9353@<my-ip>:5060>;tag=sXPNixD5Ui42V
To: <sip:+48223079992@<my-ip>:5060>;tag=as1f60e6dd
Call-ID: _zIr9tDtBxeTVTY5F7z8kD7R..
CSeq: 101 INVITE
Server: Asterisk PBX 13.21.0-rc1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk_home", nonce="0794806c"
Content-Length: 0

It's a real pain to find the INVITE in SIP DEBUG that generated the retransmission. The timeout for the retransmission generates a NOTICE, but not the INVITE itself. 

I suggest a NOTICE for any INVITE with "No matching peer", just like the "Wrong password" NOTICE. This would allow fail2ban, among others, to block the address.





--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list