Summary: ASTERISK-27864: Create NOTICE for INVITES with no matching peer
Reporter: Sean Darcy (seandarcy)
Labels:
Date Opened: 2018-05-18 16:40:15
Date Closed: 2018-05-29 04:36:00
Priority: Major
Regression?: No
Status: Closed/Complete
Components: Channels/chan_sip/General
Versions: 13.21.0
Frequency of Occurrence:
Related Issues:
Environment: Fedora 27
Attachments:
Description:

<--- SIP read from UDP:192.111.139.146:29281 --->
INVITE sip:+48223079992@<my-ip>:5060 SIP/2.0
Via: SIP/2.0/UDP 100.149.241.68:5060;branch=z4hG4bK-966187-1---q9ft4HdLB4ZeBqs;rport=5060
Contact: <sip:9353@100.149.241.68:5060>;+sip.instance="<urn:uuid:4B444A32-23FD-4E49-8C99-12077A118D8F>"
Max-Forwards: 70
To: <sip:+48223079992@<my-ip>:5060>
From: "Caller"<sip:9353@<my-ip>:5060>;tag=sXPNixD5Ui42V
Call-ID: _zIr9tDtBxeTVTY5F7z8kD7R..
CSeq: 101 INVITE
Content-Type: application/sdp
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, REGISTER, SUBSCRIBE, INFO
Supported: replaces
User-Agent: GSM
Allow-Events: hold, talk, conference
Accept: application/sdp
Content-Length: 771

v=0
o=CiscoSystemsSIP-IPPhone 18338 11953 IN IP4 100.149.241.68
s=SIP Call
c=IN IP4 100.149.241.68
t=0 0
m=audio 20000 RTP/AVP 0 8 18 101
a=rtpmap:3 gsm/8000
a=rtpmap:96 speex/8000
a=rtpmap:97 speex/8000
a=fmtp:97 mode=2
a=rtpmap:98 speex/8000
a=fmtp:98 mode=5
a=rtpmap:99 speex/8000
a=fmtp:99 mode=7
a=rtpmap:107 speex/32000
a=fmtp:107 mode=10
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:108 ilbc/8000
a=rtpmap:113 g7231/8000
a=rtpmap:18 g729/8000
a=rtpmap:100 G726-16/8000
a=rtpmap:101 G726-24/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:103 G726-40/8000
a=rtpmap:4 g723/8000
a=fmtp:18 annexb=no
a=rtpmap:109 ilbc/8000
a=fmtp:109 mode=20
a=rtpmap:110 telephone-event/8000
a=fmtp:110 0-15
a=ptime:20
a=sendrecv
<------------->
--- (15 headers 34 lines) ---
Sending to 192.111.139.146:29281 (NAT)
Sending to 192.111.139.146:29281 (NAT)
Using INVITE request as basis request - _zIr9tDtBxeTVTY5F7z8kD7R..
No matching peer for '9353' from '192.111.139.146:29281'
..............
Which then generates a lot of transmissions showing Unauthorized:
..............
Retransmitting #10 (NAT) to 192.111.139.146:29281:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 100.149.241.68:5060;branch=z4hG4bK-966187-1---q9ft4HdLB4ZeBqs;received=192.111.139.146;rport=29281
From: "Caller"<sip:9353@<my-ip>:5060>;tag=sXPNixD5Ui42V
To: <sip:+48223079992@<my-ip>:5060>;tag=as1f60e6dd
Call-ID: _zIr9tDtBxeTVTY5F7z8kD7R..
CSeq: 101 INVITE
Server: Asterisk PBX 13.21.0-rc1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk_home", nonce="0794806c"
Content-Length: 0

It's a real pain to find the INVITE in SIP DEBUG that generated the retransmission. The timeout for the retransmission generates a NOTICE, but not the INVITE itself.

I suggest a NOTICE for any INVITE with "No matching peer", just like the "Wrong password" NOTICE. This would allow fail2ban, among others, to block the address.

Comments:

By: Asterisk Team (asteriskteam) 2018-05-18 16:40:17.145-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Richard Mudgett (rmudgett) 2018-05-21 14:52:09.953-0500

What you ask should already be handled by the security event framework. There is a SECURITY log channel handled by res_security.so like NOTICE/WARNING/ERROR that outputs security events. AMI also outputs these security events. One of these security events is a challenge sent [1] informational message that chan_sip and chan_pjsip generate when they challenge a request.

Otherwise, this is a feature request without a patch.

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+ManagerEvent_ChallengeSent
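
Added example (not part of the ticket and not Asterisk project code): one way the ChallengeSent security events mentioned above could be turned into a per-address signal for a blocker such as fail2ban. ChallengeSent is also emitted for legitimate clients, so this sketch counts only challenges that are never followed by a SuccessfulAuth event from the same address; the log line layout, the thresholds, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout: [timestamp] SECURITY[pid] file: Key="value",Key="value",...
LINE_RE = re.compile(r'^\[(?P<ts>[\d\- :]{19})\] SECURITY\[\d+\] \S+ (?P<kv>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return (timestamp, fields) for a SECURITY log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
    return ts, dict(KV_RE.findall(m.group("kv")))

def remote_ip(fields):
    """Extract the address from RemoteAddress="IPV4/UDP/<ip>/<port>"."""
    parts = fields.get("RemoteAddress", "").split("/")
    return parts[2] if len(parts) == 4 else None

def suspicious_sources(lines, max_challenges=3, window=timedelta(minutes=10)):
    """Addresses with more than max_challenges unanswered challenges in window."""
    pending, flagged = defaultdict(list), set()
    for parsed in filter(None, map(parse_line, lines)):
        ts, fields = parsed
        ip = remote_ip(fields)
        if ip is None:
            continue
        event = fields.get("SecurityEvent")
        if event == "SuccessfulAuth":
            pending[ip].clear()  # the challenge was answered correctly
        elif event == "ChallengeSent":
            pending[ip] = [t for t in pending[ip] if ts - t <= window] + [ts]
            if len(pending[ip]) > max_challenges:
                flagged.add(ip)
    return sorted(flagged)

def sample_line(clock, event, account, ip):
    """Build one constructed log line (sample data, not from the ticket)."""
    return (f'[2018-05-18 {clock}] SECURITY[2101] res_security_log.c: '
            f'SecurityEvent="{event}",Service="SIP",AccountID="{account}",'
            f'RemoteAddress="IPV4/UDP/{ip}/5060"')

SAMPLE = [sample_line(f"16:4{i}:15", "ChallengeSent", "9353", "198.51.100.7")
          for i in range(5)] + [
    sample_line("16:41:00", "ChallengeSent", "alice", "203.0.113.20"),
    sample_line("16:41:01", "SuccessfulAuth", "alice", "203.0.113.20"),
]
```

Calling `suspicious_sources(SAMPLE)` flags only the address that was challenged repeatedly without ever authenticating; the client that answered its challenge is left alone.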

By: Richard Mudgett (rmudgett) 2018-05-21 14:52:50.374-0500

Feature requests without patches are not accepted through the issue tracker. Feature requests are openly discussed on the mailing lists, forums, and IRC [1]. Please see the Asterisk Issue Guidelines [2] for more information on feature request and patch submission.

[1] http://asterisk.org/community/discuss
[2] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines