| Summary: | ASTERISK-07199: Sip peer identity hijack | ||
| Reporter: | Vincenzo Iacobelli (jacovenzo) | Labels: | |
| Date Opened: | 2006-06-17 18:36:05 | Date Closed: | 2006-06-19 05:14:12 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Channels/chan_sip/Registration |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | I have configure two * box (A and B), each one with an ISDN zapbri channel. I have configured on * box A three sip peer account: 101, 102 and 103 with password respectively passA1, passA2 and passA3. On the * box B, I also have configure three sip peer account: 101, 102 and 103 but with password respectively passB1, pass B2 and pass B3. Both * box has an ISDN BRI line with telco operator. The A box has line number 123456 while B box has line number 456789. I have linked both box with dundi protocol for call from the A box to the B box for free and viceversa. Each box has two context. The first (sipclient) for routing call from sip client anc the second (dundi-incoming) for routing extern call from dundi network. The second context is configured as default context in global section on sip.conf file, while for each peer section in sip.conf file there is a context statement for configure the first context on call from sip peers. Now for a my error in configuration if a call from 101 peer of box A the number 456789, the call is routed through a sip call to the B box. The call is originated from 101 address and when the sip call is received on the B box, here asterisk recognize the as made from it's 101 peer, so the call is route on dundi network again and never is completed. ****** ADDITIONAL INFORMATION ****** On SIP debug log the call begin with an invite command but skip the authentication process. | ||
| Comments: | By: Vincenzo Iacobelli (jacovenzo) 2006-06-17 18:48:45 *CLI> -- Executing Goto("SIP/101-e1aa", "dundi|456789|1") in new stack -- Goto (dundi,456789,1) -- Executing DUNDiLookup("SIP/101-e1aa", "456789") in new stack -- Executing SetCIDNum("SIP/101-e1aa", "") in new stack -- Executing Dial("SIP/101-e1aa", "/") in new stack == Everyone is busy/congested at this time (1:0/0/1) -- Executing Congestion("SIP/101-e1aa", "") in new stack == Spawn extension (dundi, 456789, 104) exited non-zero on 'SIP/101-e1aa' sip debug ip mail.jcon.it SIP Debugging Enabled for IP: <<<<<< IP A BOX >>>>>> *CLI> <-- SIP read from <<<<<< IP A BOX >>>>>>:5060: INVITE sip:456789@<<<<<< IP B BOX >>>>>>;user=phone SIP/2.0 Via: SIP/2.0/UDP <<<<<< IP A BOX >>>>>>:5060;branch=z9hG4bK74912479;rport From: "Vincenzo Iacobelli" <sip:101@<<<<<< IP A BOX >>>>>>>;tag=as09cb121f To: <sip:456789@<<<<<< IP B BOX >>>>>>;user=phone> Contact: <sip:101@<<<<<< IP A BOX >>>>>>> Call-ID: 569535f2356d04dc53bded96129ee641@<<<<<< IP A BOX >>>>>> CSeq: 102 INVITE User-Agent: JCON PBX Max-Forwards: 70 Remote-Party-ID: "Vincenzo Iacobelli" <sip:101@<<<<<< IP A BOX >>>>>>>;privacy=off;screen=no Date: Sat, 17 Jun 2006 23:47:08 GMT Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Content-Type: application/sdp Content-Length: 391 v=0 o=root 22392 22392 IN IP4 <<<<<< IP A BOX >>>>>> s=session c=IN IP4 <<<<<< IP A BOX >>>>>> t=0 0 m=audio 10866 RTP/AVP 97 18 3 8 0 a=rtpmap:97 iLBC/8000 a=rtpmap:18 G729/8000 a=fmtp:18 annexb=no a=rtpmap:3 GSM/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:0 PCMU/8000 a=silenceSupp:off - - - - m=video 12346 RTP/AVP 31 34 103 a=rtpmap:31 H261/90000 a=rtpmap:34 H263/90000 a=rtpmap:103 h263-1998/90000 --- (14 headers 17 lines)--- Using INVITE request as basis request - 569535f2356d04dc53bded96129ee641@<<<<<< IP A BOX >>>>>> Sending to <<<<<< IP A BOX >>>>>> : 5060 (NAT) Found user '101' Found RTP audio format 97 Found RTP audio format 18 Found RTP audio format 3 Found RTP audio format 8 Found RTP audio format 0 Found RTP video format 31 Found RTP video format 34 Found RTP video format 103 Peer audio RTP is at port <<<<<< IP A BOX >>>>>>:10866 Peer video RTP is at port <<<<<< IP A BOX >>>>>>:12346 Found description format iLBC Found description format G729 Found description format GSM Found description format PCMA Found description format PCMU Found description format H261 Found description format H263 Found description format h263-1998 Capabilities: us - 0x8 (alaw), peer - audio=0x50e (gsm|ulaw|alaw|g729|ilbc)/video=0x1c0000 (h261|h263|h263p), combined - 0x8 (alaw) Non-codec capabilities: us - 0x1 (telephone-event), peer - 0x0 (nothing), combined - 0x0 (nothing) Looking for 456789 in sipclient (domain <<<<<< IP B BOX >>>>>>) list_route: hop: <sip:101@<<<<<< IP A BOX >>>>>>> Transmitting (no NAT) to <<<<<< IP A BOX >>>>>>:5060: SIP/2.0 100 Trying Via: SIP/2.0/UDP <<<<<< IP A BOX >>>>>>:5060;branch=z9hG4bK74912479;rport;received=<<<<<< IP A BOX >>>>>> From: "Vincenzo Iacobelli" <sip:101@<<<<<< IP A BOX >>>>>>>;tag=as09cb121f To: <sip:456789@<<<<<< IP B BOX >>>>>>;user=phone> Call-ID: 569535f2356d04dc53bded96129ee641@<<<<<< IP A BOX >>>>>> CSeq: 102 INVITE User-Agent: JCON PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Contact: <sip:456789@<<<<<< IP B BOX >>>>>>> Content-Length: 0 --- -- Executing Goto("SIP/101-72ba", "dundi|456789|1") in new stack -- Goto (dundi,456789,1) -- Executing DUNDiLookup("SIP/101-72ba", "456789") in new stack -- Executing SetCIDNum("SIP/101-72ba", "") in new stack -- Executing Dial("SIP/101-72ba", "/") in new stack == Everyone is busy/congested at this time (1:0/0/1) -- Executing Congestion("SIP/101-72ba", "") in new stack Transmitting (no NAT) to <<<<<< IP A BOX >>>>>>:5060: SIP/2.0 503 Service Unavailable Via: SIP/2.0/UDP <<<<<< IP A BOX >>>>>>:5060;branch=z9hG4bK74912479;rport;received=<<<<<< IP A BOX >>>>>> From: "Vincenzo Iacobelli" <sip:101@<<<<<< IP A BOX >>>>>>>;tag=as09cb121f To: <sip:456789@<<<<<< IP B BOX >>>>>>;user=phone>;tag=as1f647781 Call-ID: 569535f2356d04dc53bded96129ee641@<<<<<< IP A BOX >>>>>> CSeq: 102 INVITE User-Agent: JCON PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Contact: <sip:456789@<<<<<< IP B BOX >>>>>>> Content-Length: 0 X-Asterisk-HangupCause: Channel not implemented --- == Spawn extension (dundi, 456789, 104) exited non-zero on 'SIP/101-72ba' <-- SIP read from <<<<<< IP A BOX >>>>>>:5060: ACK sip:456789@<<<<<< IP B BOX >>>>>>;user=phone SIP/2.0 Via: SIP/2.0/UDP <<<<<< IP A BOX >>>>>>:5060;branch=z9hG4bK74912479;rport From: "Vincenzo Iacobelli" <sip:101@<<<<<< IP A BOX >>>>>>>;tag=as09cb121f To: <sip:456789@<<<<<< IP B BOX >>>>>>;user=phone>;tag=as1f647781 Contact: <sip:101@<<<<<< IP A BOX >>>>>>> Call-ID: 569535f2356d04dc53bded96129ee641@<<<<<< IP A BOX >>>>>> CSeq: 102 ACK User-Agent: JCON PBX Max-Forwards: 70 Remote-Party-ID: "Vincenzo Iacobelli" <sip:101@<<<<<< IP A BOX >>>>>>>;privacy=off;screen=no Content-Length: 0 --- (11 headers 0 lines)--- Destroying call '569535f2356d04dc53bded96129ee641@<<<<<< IP A BOX >>>>>>' sip no debug SIP Debugging Disabled By: Vincenzo Iacobelli (jacovenzo) 2006-06-17 18:54:37 On dundi.conf file I have this mapping row e164 => dundi-e164,0,SIP,${NUMBER}@<<<<<< IP B BOX >>>>>>,nopartial By: Olle Johansson (oej) 2006-06-19 02:39:16 You simply can't have the same device names on two boxes that communicate with each other. We will always match calls to devices on the From: header. By: Vincenzo Iacobelli (jacovenzo) 2006-06-19 04:22:51 This is the problem, because if I manage both boxes I can turn around problem, as I've already done. But if you check only From header when a sip client place a call I can use this thing for thief calls on asterisk box directly connected to Internet. This is bad. You know? By: Olle Johansson (oej) 2006-06-19 05:13:59 Well with authentication, you can't. It's a design issue and not a bug. Will close this bug report now. Thanks. | ||