[Devel] Processing REGISTER requests

Dan Pascu dan at ag-projects.com
Thu Oct 6 17:45:04 CEST 2005


On Thursday 06 October 2005 15:24, Daniel-Constantin Mierla wrote:
> >1. take one sip account joe at domain.com and configure 2 phones in 2
> >different networks with that account and assign the same private IP to
> >both phones. They will overwrite each ones registration.
>
> With same private ip, the risk to have same call-id increases.

First I'd like to see some evidence of this. If you or someone else was 
able to find such duplicate call-ids then please post your findings. Type 
of UA that generates them, how often do they happen, etc. I hate to speak 
on hypotheses, but so far this is what we did. I watched over my contact 
database and I haven't yet spotted a duplicate call-id, except when 
coming from the same phone and ser decided to add the contact because the 
IP/port changed. But this is not a duplicated call-id.

Next, that's the whole point. With this method you only have some risk, 
with the current method is certain.

> Agree, it is what I want to avoid, better have multiple contact
> addresses rather that overwrite other's contact. Lowering the expire

It's not better by any measure. I look in the contacts database and I see 
I have 3 registered phones, while I only have 1 (your users will make 
some conclusions about how reliable you are if you can't even keep track 
correctly of them being online).
Then it opens you to security issues and identity theft.
I wouldn't say it's better, only that the problems it raises are more 
bearable.

And overwrite vs duplicate it's not your choice. If you use 
fix_nated_register() you will suffer from overwrites, if you use 
fix_contact() you suffer from duplicates.

-- 
Dan



More information about the Devel mailing list