* You are viewing Posts Tagged ‘rport’

SIP trunk call initiated as Anonymous@anonymous.invalid

I have a Grandstream HT-502 device connected to my Asterisk PBX. It is
configured not to place anonymous calls, and from my mostly layman
reading of the invitation that the device sends, it should not be
anonymous. However, the Asterisk PBX sends an anonymous invitation to
our SIP trunk provider. Can anyone explain why?

The two INVITE packets follow.

The devices sends the following INVITE:

INVITE sip:2223334444@pbx.xxxxx.com SIP/2.0
Via: SIP/2.0/UDP 192.168.9.197:46538;branch=z9hG4bK526774101;rport
From: “222333555” ;tag=2072922124
To:
Call-ID: 1082640776-46538-3@BJC.BGI.J.BJH
CSeq: 21 INVITE
Contact: “222333555”
Authorization: Digest username=”222333555″, realm=”asterisk”,
nonce=”02774xxx”, uri=”sip:2223334444@pbx.xxxxx.com”,
response=”0d1b93729332670aae5b6916ecfxxxxx”, algorithm=MD5
Max-Forwards: 70
User-Agent: Grandstream HT-502 V1.2A 1.0.5.10
Privacy: none
P-Asserted-Identity: “222333555”

Supported: replaces, path, timer, eventlist
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO,
REFER, UPDATE
Content-Type: application/sdp
Accept: application/sdp, application/dtmf-relay
Content-Length: 400

v=0
o=222333555 8000 8000 IN IP4 192.168.9.197
s=SIP Call
c=IN IP4 192.168.9.197
t=0 0
m=audio 58270 RTP/AVP 0 8 4 18 112 97 102 100
a=sendrecv
a=rtpmap:0 PCMU/8000
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:4 G723/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:112 G726-32/8000
a=rtpmap:97 iLBC/8000
a=fmtp:97 mode=20
a=rtpmap:102 G729E/8000
a=rtpmap:100 AAL2-G726-16/8000

Our PBX sends this INVITE to our SIP trunk provider:

INVITE sip:2223334444@10.250.0.5 SIP/2.0
Via: SIP/2.0/UDP 66.77.88.99:5060;branch=z9hG4bK1b55d480;rport
Max-Forwards: 70
From: “Anonymous” ;tag=as567ac377
To:
Contact:
Call-ID: 08be883c133cae41515d1f914d62f6ce@66.77.88.99:5060
CSeq: 102 INVITE
User-Agent: FPBX-2.9.0(1.8.7.2)
Date: Thu, 12 Jan 2012 19:55:57 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY,
INFO, PUBLISH
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 260

v=0
o=root 525025075 525025075 IN IP4 66.77.88.99
s=Asterisk PBX 1.8.7.2
c=IN IP4 66.77.88.99
t=0 0
m=audio 15408 RTP/AVP 0 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv

Possible remote enumeration of SIP endpoints with differing NAT settings

Asterisk Project Security Advisory – AST-2011-013

Product Asterisk
Summary Possible remote enumeration of SIP endpoints with
differing NAT settings
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote unauthenticated sessions
Severity Minor
Exploits Known Yes
Reported On 2011-07-18
Reported By Ben Williams
Posted On
Last Updated On December 7, 2011
Advisory Contact Terry Wilson
CVE Name

Description It is possible to enumerate SIP usernames when the general
and user/peer NAT settings differ in whether to respond to
the port a request is sent from or the port listed for
responses in the Via header. In 1.4 and 1.6.2, this would
mean if one setting was nat=yes or nat=route and the other
was either nat=no or nat=never. In 1.8 and 10, this would
mean when one was nat=force_rport or nat=yes and the other
was nat=no or nat=comedia.

Resolution Handling NAT for SIP over UDP requires the differing
behavior introduced by these options.

To lessen the frequency of unintended username disclosure,
the default NAT setting was changed to always respond to the
port from which we received the request-the most commonly
used option.

Warnings were added on startup to inform administrators of
the risks of having a SIP peer configured with a different
setting than that of the general setting. The documentation
now strongly suggests that peers are no longer configured
for NAT individually, but through the global setting in the
“general” context.

Affected Versions
Product Release Series
Asterisk Open Source All All versions

Corrected In
As this is more of an issue with SIP over UDP in general, there is no
fix supplied other than documentation on how to avoid the problem. The
default NAT setting has been changed to what we believe the most
commonly used setting for the respective version in Asterisk 1.4.43,
1.6.2.21, and 1.8.7.2.

Links

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-013.pdf and
http://downloads.digium.com/pub/security/AST-2011-013.html

Revision History
Date Editor Revisions Made

Asterisk Project Security Advisory – AST-2011-013
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

How can I Add my own Word in option packets in from field of SIP “From Asterisk??”

Hello All,
Is there any one who can help me to change the From field parameters in
option packets, I have seen that in option packtes asterisk sends its own
information,If you see the below option packet i have highlighted the
asterisk word in from field and in from field tag how can i changed it
Please let me know same as in User Agent.

192.168.207.70:5060 -> 192.168.207.177:5065
OPTIONS sip:192.168.207.177 SIP/2.0..Via: SIP/2.0/UDP 192.168.207.70:5060
;branch=z9hG4bK57e5b165;rport.*.From: “asterisk” 192.168.207.70>;t
ag=as0977f8f5..To: ..Contact: <
sip:asterisk@192.168.207.70>..Call-ID:
272c85316b257dfa168c9d0155089b8a@192.168.207.70..CSeq: 102 OP
TIONS..*User-Agent: Asterisk PBX*..Max-Forwards: 70..Date: Wed, 20 Jul
2011 11:58:01 GMT..Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER,
SUBSCRIBE, NOTI
FY, INFO..Supported: replaces..Content-Length: 0….
#

Regards,
Masood Ahmed
masood24@gmail.com

Issue with Asterisk & Aastra 57i at v3.2

On 05/05/11 04:37, Richard Kenner wrote:
> I recently tried to update my Aastra 57i to version 3.2 and ran into
> a problem. It won’t properly register and says “contact mismatch”.
> I added “sip contact matching: 2″ to aastra.cfg, but that didn’t help.
>
> When I look at the SIP trace, but I see is the Aastra sending a
> REGISTER and Asterisk replying with the 401. The phone then sends
> the REGISTER again, this time with the hash. Asterisk now replies OK,
> but sends an OPTION packet FIRST and I think that confuses the Aastra.
>
> Has anybody seen this? Is there any way to have the packets sent in the
> proper order?
>
> —

Since I was keen to see if there was a phone bug I’ve just tested this
here. I am using firmware 3.2.1.43 on my 57i which I have just
downloaded from aastra.co.uk this morning and Asterisk 1.4.25.1.

Asterisk does indeed send an Options before the OK but my 57i doesn’t
seem to mind. See the SIP debug trace below. Perhaps you need to
upgrade firmware on the Aastra phone? Or turning off qualify for this
peer might work-around it for you.

< ------------>
Reliably Transmitting (no NAT) to 192.168.2.73:5060:
OPTIONS sip:2002@192.168.2.73:5060;transport=udp SIP/2.0
Via: SIP/2.0/UDP 192.168.2.201:5060;branch=z9hG4bK6c97be12;rport
From: “asterisk” ;tag=as71d2aacd
To:
Contact:
Call-ID: 0d0ecb8721126fdc43a44660792b63b6@192.168.2.201
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX
Max-Forwards: 70
Date: Thu, 05 May 2011 10:43:00 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Content-Length: 0

488 Not acceptable here

I am helping a friend on one of his sip trunk and couldn’t find the way
to resolve his problem.

His asterisk’s problem is like this:
0. When incoming call to one of his sip trunk, Asterisk reply with “488
Not acceptable here”. So the call get dropped.
1. Recently upgraded Elastix with Asterisk 1.4.33
2. Was working fine before the upgrade
3. There are total 4 SIP trunks connected to different providers. All
others works fine.
4. All codecs are allowed.
5. I setup his account on my Asterisk as a SIP trunk, both incoming and
outgoing call work fine. (So it is not his provider’s problem)
6. I checked his FreePBX style multi sip*.conf files and all seem correct.

So what can I do to find out where went wrong on this sip trunk?

Thanks.

Jian

Hers is the debug out put:
============================

<--- SIP read from 208.65.xxx.xxx:5060 --->
INVITE sip:160428xxxxx@192.168.1.83:5060 SIP/2.0
Via: SIP/2.0/UDP
208.65.xxx.xxx:5060;branch=z9hG4bK-d8754z-ad239907e0915d0b-1—d8754z-;rport
Via: SIP/2.0/UDP
208.65.xxx.xxx:5061;branch=z9hG4bK-pcerhxpz5hr4addh;rport=5061
Max-Forwards: 69
Record-Route:
Contact: “Anonymous”
To:
From: “CID NAME”;tag=kvspovbxperbwmfk.o
Call-ID: href=”mailto:12904465@208.xx.xx.xx”>12904465@208.xx.xx.xx~o
CSeq: 493 INVITE
Expires: 300
Content-Disposition: session
Content-Type: application/sdp
User-Agent: Sippy
cisco-GUID: 4084071434-3712422367-2859401243-560159692
h323-conf-id: 4084071434-3712422367-2859401243-560159692
Content-Length: 109

v=0
o=Sippy 153068680 0 IN IP4 74.205.xxx.xxx
s=-
t=0 0
m=audio 34772 RTP/AVP 0
c=IN IP4 74.205.xxx.xxx

<------------->

401 Unauthorized with Snom but not with Zoiper softphone

Hello,

I’m having difficulty with registering a SIP account in a Snom 320
IP-phone. This is what sip debug tells me :

[Oct 7 13:28:42] VERBOSE[20314] chan_sip.c: [Oct 7 13:28:42]
<--- SIP read from UDP:public_ip:58697 --->
REGISTER sip:sip.domain.tld SIP/2.0
Via: SIP/2.0/UDP 192.168.114.200:2048;branch=z9hG4bK-vj1xvbdnp4dw;rport
From: ;tag=sd2b3o74zc
To:
Call-ID: 3c28a76e73cf-gp9nioi8zdci
CSeq: 12 REGISTER
Max-Forwards: 70
Contact:
;reg-id=1;q=1.0;+sip.instance=”“;audio;mobility=”fix
ed”;duplex=”full”;description=”snom320″;actor=”principal”;events=”dialog”;methods=”INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO”
User-Agent: snom320/8.4.18
Allow-Events: dialog
X-Real-IP: 192.168.114.200
Supported: path, gruu
Expires: 3600
Content-Length: 0

<------------->
[Oct 7 13:28:42] VERBOSE[20314] chan_sip.c: [Oct 7 13:28:42] — (14
headers 0 lines) —
[Oct 7 13:28:42] VERBOSE[20314] chan_sip.c: [Oct 7 13:28:42] Sending
to 192.168.114.200 : 2048 (no NAT)
[Oct 7 13:28:42] VERBOSE[20314] chan_sip.c: [Oct 7 13:28:42]
<--- Transmitting (NAT) to public_ip:58697 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
192.168.114.200:2048;branch=z9hG4bK-vj1xvbdnp4dw;received=public_ip;rport=58697
From: ;tag=sd2b3o74zc
To: ;tag=as6108a7e2
Call-ID: 3c28a76e73cf-gp9nioi8zdci
CSeq: 12 REGISTER
Server: Asterisk PBX 1.6.2.10
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm=”domain.tld”, nonce=”398aee1e”
Content-Length: 0

I would expect the Snom to try a second register, this time with some
type of nonce. But there is just 1 REGISTER and 1 Unauthorized and
that’s it…

Other Snom phones with SIP-accounts go very well, but at this location
the registration fails.

Another remark : when using a Zoiper softphone, the registration goes
very well :

REGISTER sip:sip.domain.tld;transport=UDP SIP/2.0
Via: SIP/2.0/UDP
192.168.114.20:5060;branch=z9hG4bK-d8754z-fab4a5effbf90a05-1—d8754z-
Max-Forwards: 70
Contact:

To:
From: ;tag=db1a5018
Call-ID: NzBlZDMyN2U0YTEzZDk4Y2M2N2NmNzMxYTk4OWUxYTY.
CSeq: 1 REGISTER
Expires: 3600
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO,
SUBSCRIBE
User-Agent: Zoiper rev.7797
Allow-Events: presence, kpml
Content-Length: 0

<------------->
[Oct 7 13:46:52] VERBOSE[20314] chan_sip.c: [Oct 7 13:46:52] — (13
headers 0 lines) —
[Oct 7 13:46:52] VERBOSE[20314] chan_sip.c: [Oct 7 13:46:52] Sending
to 192.168.114.20 : 5060 (no NAT)
[Oct 7 13:46:52] VERBOSE[20314] chan_sip.c: [Oct 7 13:46:52]
<--- Transmitting (NAT) to public_ip:51363 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
192.168.114.20:5060;branch=z9hG4bK-d8754z-fab4a5effbf90a05-1—d8754z-;received=public_ip
From: ;tag=db1a5018
To: ;tag=as2fcfde3c
Call-ID: NzBlZDMyN2U0YTEzZDk4Y2M2N2NmNzMxYTk4OWUxYTY.
CSeq: 1 REGISTER
Server: Asterisk PBX 1.6.2.10
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm=”domain.tld”, nonce=”7833b268″
Content-Length: 0

REGISTER sip:sip.domain.tld;transport=UDP SIP/2.0
Via: SIP/2.0/UDP
192.168.114.20:5060;branch=z9hG4bK-d8754z-fdd59e394f9c23b9-1—d8754z-
Max-Forwards: 70
Contact:

To:
From: ;tag=db1a5018
Call-ID: NzBlZDMyN2U0YTEzZDk4Y2M2N2NmNzMxYTk4OWUxYTY.
CSeq: 2 REGISTER
Expires: 3600
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO,
SUBSCRIBE
User-Agent: Zoiper rev.7797
Authorization: Digest
username=”test3″,realm=”domain.tld”,nonce=”7833b268″,uri=”sip:sip.domain.tld;transport=UDP”,response=”198f6262248fb11fe6cb55408a1cb8ce”,algorithm=MD5
Allow-Events: presence, kpml
Content-Length: 0

SIP/2.0 200 OK
Via: SIP/2.0/UDP
192.168.114.20:5060;branch=z9hG4bK-d8754z-fdd59e394f9c23b9-1—d8754z-;received=public_ip
From: ;tag=db1a5018
To: ;tag=as2fcfde3c
Call-ID: NzBlZDMyN2U0YTEzZDk4Y2M2N2NmNzMxYTk4OWUxYTY.
CSeq: 2 REGISTER
Server: Asterisk PBX 1.6.2.10
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
Expires: 60
Contact:
;expires=60
Date: Thu, 07 Oct 2010 11:46:52 GMT
Content-Length: 0

It’s the same account, the same password, but other agent.

Can anyone help me with this please ?! I see no difference but there
must be !!

Kind regards,
Jonas.