I'm getting an odd Via parsing error from SER 0.9.6:
Feb 23 16:52:49 death ser[17389]: error: parse_via_param Feb 23 16:52:49 death ser[17389]: ERROR: parse_via on: <sip/2.0/udp 172.30.237.149:56755;branch=z9hg4bk-d87543-d75bc86d826ac929-1--d87543-> Feb 23 16:52:49 death ser[17389]: ERROR: parse_via parse error, parsed so far:<sip/2.0/udp 172.30.237.149:56755;branch=z9hg4bk-d87543-d75bc86d826ac929-1--d87543-> Feb 23 16:52:49 death ser[17389]: ERROR: get_hdr_field: bad via Feb 23 16:52:49 death ser[17389]: ERROR: parse_msg: message=<REGISTEl sip:proxy.ideasip.com SIP/2.0> Feb 23 16:52:49 death ser[17389]: ERROR: receive_msg: parse_msg failed
When I look at the packet, it looks like the actual SIP data is somehow getting garbled... with odd characters showing up in the middle of headers, etc.
Any idea what might cause this?
U 148.233.151.30:43764 -> XX.XX.XX.XX:5060 REGISTEl sip:proxy.ideasip.com SIP/2.0. Via: sip/2.0/udp 172.30.237.149:16240;branch=z9hg4bk-d87543-9332b73b5700e95c-1--d87543-. Max-Forward2a:70. Contactm:sip:user@148.233.151.30:32332;rinstance=6c0c8351d99e79db. To: "mario"sip:user@proxy.ideasip.com. From: "mario"sip:user@proxy.ideasip.com;tag=fe132761. Call-ID: n2m5owi1odc4mzkznmm5mjflmzvmzmu3zgjmngqym2y.. CSe1h:1 register. Expire1k:3600. Allo0b:invite, ack, cancel, options, bye, refer, notify, message, subscribe, info. User-Agen5m:x-lite release 1006e stamp 34025. Content-Lengthl:0.
As you can see... things like REGISTEl, Max Forward2a: Expire1k:
All these things look garbled. Would this be a transmission error of some kind (the garbled headers are identical for each submitted packet, though, so it seems unlikely) ?
N.
Bad ALG? g-)
sip wrote:
I'm getting an odd Via parsing error from SER 0.9.6:
Feb 23 16:52:49 death ser[17389]: error: parse_via_param Feb 23 16:52:49 death ser[17389]: ERROR: parse_via on: <sip/2.0/udp 172.30.237.149:56755;branch=z9hg4bk-d87543-d75bc86d826ac929-1--d87543-> Feb 23 16:52:49 death ser[17389]: ERROR: parse_via parse error, parsed so far:<sip/2.0/udp 172.30.237.149:56755;branch=z9hg4bk-d87543-d75bc86d826ac929-1--d87543-> Feb 23 16:52:49 death ser[17389]: ERROR: get_hdr_field: bad via Feb 23 16:52:49 death ser[17389]: ERROR: parse_msg: message=<REGISTEl sip:proxy.ideasip.com SIP/2.0> Feb 23 16:52:49 death ser[17389]: ERROR: receive_msg: parse_msg failed
When I look at the packet, it looks like the actual SIP data is somehow getting garbled... with odd characters showing up in the middle of headers, etc.
Any idea what might cause this?
U 148.233.151.30:43764 -> XX.XX.XX.XX:5060 REGISTEl sip:proxy.ideasip.com SIP/2.0. Via: sip/2.0/udp 172.30.237.149:16240;branch=z9hg4bk-d87543-9332b73b5700e95c-1--d87543-. Max-Forward2a:70. Contactm:sip:user@148.233.151.30:32332;rinstance=6c0c8351d99e79db. To: "mario"sip:user@proxy.ideasip.com. From: "mario"sip:user@proxy.ideasip.com;tag=fe132761. Call-ID: n2m5owi1odc4mzkznmm5mjflmzvmzmu3zgjmngqym2y.. CSe1h:1 register. Expire1k:3600. Allo0b:invite, ack, cancel, options, bye, refer, notify, message, subscribe, info. User-Agen5m:x-lite release 1006e stamp 34025. Content-Lengthl:0.
As you can see... things like REGISTEl, Max Forward2a: Expire1k:
All these things look garbled. Would this be a transmission error of some kind (the garbled headers are identical for each submitted packet, though, so it seems unlikely) ?
N. _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
hi
I might be wrong.. but do you have a zyxel router ? I've seen simular on some zyxel stuff
-Atle
* Greger V. Teigre greger@teigre.com [070226 11:25]:
Bad ALG? g-)
sip wrote:
I'm getting an odd Via parsing error from SER 0.9.6: Feb 23 16:52:49 death ser[17389]: error: parse_via_param Feb 23 16:52:49 death ser[17389]: ERROR: parse_via on: <sip/2.0/udp 172.30.237.149:56755;branch=z9hg4bk-d87543-d75bc86d826ac929-1--d87543-> Feb 23 16:52:49 death ser[17389]: ERROR: parse_via parse error, parsed so far:<sip/2.0/udp 172.30.237.149:56755;branch=z9hg4bk-d87543-d75bc86d826ac929-1--d87543-> Feb 23 16:52:49 death ser[17389]: ERROR: get_hdr_field: bad via Feb 23 16:52:49 death ser[17389]: ERROR: parse_msg: message=<REGISTEl sip:proxy.ideasip.com SIP/2.0> Feb 23 16:52:49 death ser[17389]: ERROR: receive_msg: parse_msg failed
When I look at the packet, it looks like the actual SIP data is somehow getting garbled... with odd characters showing up in the middle of headers, etc. Any idea what might cause this?
U 148.233.151.30:43764 -> XX.XX.XX.XX:5060 REGISTEl sip:proxy.ideasip.com SIP/2.0. Via: sip/2.0/udp 172.30.237.149:16240;branch=z9hg4bk-d87543-9332b73b5700e95c-1--d87543-. Max-Forward2a:70. Contactm:sip:user@148.233.151.30:32332;rinstance=6c0c8351d99e79db. To: "mario"sip:user@proxy.ideasip.com. From: "mario"sip:user@proxy.ideasip.com;tag=fe132761. Call-ID: n2m5owi1odc4mzkznmm5mjflmzvmzmu3zgjmngqym2y.. CSe1h:1 register. Expire1k:3600. Allo0b:invite, ack, cancel, options, bye, refer, notify, message, subscribe, info. User-Agen5m:x-lite release 1006e stamp 34025. Content-Lengthl:0.
As you can see... things like REGISTEl, Max Forward2a: Expire1k: All these things look garbled. Would this be a transmission error of some kind (the garbled headers are identical for each submitted packet, though, so it seems unlikely) ?
N. _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Unfortunately, it's not my UA, so I've no idea. I just happened to notice this in the logs, and started sniffing the packets and noticed this weird issue with the garbled data.
It caught my attention as we've been getting hit CONSTANTLY with fraud attempts through our service from various hacked IPs (proxied through). Most of them originate in Egypt, Jordan, Morocco, and Palestine, but lately, we've seen the IPs from all over (Germany, Sweden, Korea, etc). Some of these have been proxied and attempted 'manually-created' headers to try and fool our system. This caught my eye and I was wondering if there might be a legitimate reason for it before I disabled the account out of sheer paranoia. :)
N.
On Mon, 26 Feb 2007 11:29:49 +0100, Atle Samuelsen wrote
hi
I might be wrong.. but do you have a zyxel router ? I've seen simular on some zyxel stuff
-Atle
- Greger V. Teigre greger@teigre.com [070226 11:25]:
Bad ALG? g-)
sip wrote:
I'm getting an odd Via parsing error from SER 0.9.6: Feb 23 16:52:49 death ser[17389]: error: parse_via_param Feb 23 16:52:49
death ser[17389]: ERROR: parse_via on: <sip/2.0/udp
172.30.237.149:56755;branch=z9hg4bk-d87543-d75bc86d826ac929-1--d87543->
Feb 23 16:52:49 death ser[17389]: ERROR: parse_via
parse error, parsed so far:<sip/2.0/udp 172.30.237.149:56755;branch=z9hg4bk-d87543-d75bc86d826ac929-1--d87543->
Feb 23 16:52:49 death ser[17389]: ERROR:
get_hdr_field: bad via Feb 23 16:52:49 death ser[17389]: ERROR:
parse_msg: message=<REGISTEl
sip:proxy.ideasip.com SIP/2.0> Feb 23 16:52:49 death ser[17389]: ERROR:
receive_msg: parse_msg failed
When I look at the packet, it looks like the actual SIP data is somehow getting garbled... with odd characters showing up in the middle of
headers, etc.
Any idea what might cause this?
U 148.233.151.30:43764 -> XX.XX.XX.XX:5060 REGISTEl sip:proxy.ideasip.com SIP/2.0. Via: sip/2.0/udp 172.30.237.149:16240;branch=z9hg4bk-d87543-9332b73b5700e95c-1--d87543-. Max-Forward2a:70. Contactm:sip:user@148.233.151.30:32332;rinstance=6c0c8351d99e79db. To: "mario"sip:user@proxy.ideasip.com. From: "mario"sip:user@proxy.ideasip.com;tag=fe132761. Call-ID: n2m5owi1odc4mzkznmm5mjflmzvmzmu3zgjmngqym2y.. CSe1h:1 register. Expire1k:3600. Allo0b:invite, ack, cancel, options, bye, refer, notify, message,
subscribe, info.
User-Agen5m:x-lite release 1006e stamp 34025. Content-Lengthl:0.
As you can see... things like REGISTEl, Max Forward2a: Expire1k: All these things look garbled. Would this be a transmission error of some kind (the garbled headers are identical for each submitted packet, though, so it seems unlikely) ?
N. _______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Atle Samuelsen -
Greger V. Teigre -
sip -
sip