[Serusers] allow_trusted"trusted table"

sip sip at arcdiv.com
Fri Sep 15 13:29:45 CEST 2006 

Okay... start small. You can work through this. 

First things first: 

Comment out the proxy_authorize portion of the config.  Restart ser, and try the call again. See if it works. 
If it does, uncomment it, but right BEFORE the proxy_authorize, put the check for the trusted table and then a log message to check the logs...

something like: 

if(!allow_trusted())
{
    log(1, "ALLOW TRUSTED CHECK FAILED -- HOST NOT IN TRUSTED TABLE");
   
    if(!proxy_authorize...  etc, etc)

};

Restart ser, and try the call again. If that message pops up, then there's something wrong with the trusted host check and you can double check the data you entered into the database to make sure it's all actually correct.

Your trusted table should look something like:

+----------------+-------+--------------+| src_ip         | proto | from_pattern |+----------------+-------+--------------+| 127.0.0.1      | any   | sip:.*$      || 81.21.38.13    | any   | sip:.*$      |+----------------+-------+--------------+

On Fri, 15 Sep 2006 12:36:04 +0300, ravi reddy wrote
> this is the ngrep -record  when i tried to make a incoming call from PSTN
> 
> U MailScanner warning: numerical links are often malicious: 81.21.38.13:57812 -> MailScanner warning: numerical links are often malicious: 81.21.33.35:5060
> INVITE sip:22030980 at 81.21.33.35:5060 SIP/2.0.
> Via: SIP/2.0/UDP  MailScanner warning: numerical links are often malicious: 81.21.38.13:5060.
> From: <sip:22498045 at 81.21.38.13>;tag=78415468-CC3.
> To: <sip:22030980 at 81.21.33.35>.
> Date: Fri, 15 Sep 2006 09:15:20 GMT.
> Call-ID: 8BB4320C-43D111DB-9F91880F-F0154510 at 81.21.38.13.
> Supported: timer,100rel.
> Min-SE:  1800.
> Cisco-Guid: 3763255713-1164120539-2201223171-3126568985.
> User-Agent: Cisco-SIPGateway/IOS-12.x.
> Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO.
> CSeq: 101 INVITE.
> Max-Forwards: 6.
> Remote-Party-ID: <sip:22498045 at 81.21.38.13>;party=calling;screen=yes;privacy=off.
> Timestamp: 1158311720.
> Contact: <sip:22498045 at 81.21.38.13:5060>.
> Expires: 180.
> Allow-Events: telephone-event.
> Content-Type: application/sdp.
> Content-Length: 274.
> .
> v=0.
> o=CiscoSystemsSIP-GW-UserAgent 9485 5123 IN IP4 MailScanner warning: numerical links are often malicious: 81.21.38.13.
> s=SIP Call.
> c=IN IP4 MailScanner warning: numerical links are often malicious: 81.21.38.13.
> t=0 0.
> m=audio 17124 RTP/AVP 18 0 8 100.
> a=rtpmap:18 G729/8000.
> a=fmtp:18 annexb=no.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:8 PCMA/8000.
> a=rtpmap:100 X-NSE/8000.
> a=fmtp:100 192-194.
> 
> #
> U MailScanner warning: numerical links are often malicious: 81.21.33.35:5060 -> MailScanner warning: numerical links are often malicious: 81.21.38.13:5060
> SIP/2.0 407 Proxy Authentication Required.
> Via: SIP/2.0/UDP  MailScanner warning: numerical links are often malicious: 81.21.38.13:5060.
> From: <sip:22498045 at 81.21.38.13>;tag=78415468-CC3.
> To: <sip:22030980 at 81.21.33.35>;tag=74961b5b71b6ddce908b9155b956083f.58b5.
> Call-ID: 8BB4320C-43D111DB-9F91880F-F0154510 at 81.21.38.13.
> CSeq: 101 INVITE.
> Proxy-Authenticate: Digest realm="MailScanner warning: numerical links are often malicious: 81.21.33.35", nonce="450a6fac7fc0d4000fd13a85f7f6c55323ed6a5c".
> Content-Length: 0.
> Warning: 392 MailScanner warning: numerical links are often malicious: 81.21.33.35:5060 "Noisy feedback tells:  pid=24505req_src_ip=MailScanner warning: numerical links are often malicious: 81.21.38.13 req_src_port=57812in_uri=sip:22030980 at 81.21.33.35:5060out_uri=sip:22030980 at 81.21.33.35:5060 via_cnt==1".
> .
> 
> #
> U MailScanner warning: numerical links are often malicious: 81.21.38.13:57812 -> MailScanner warning: numerical links are often malicious: 81.21.33.35:5060
> ACK sip:22030980 at 81.21.33.35:5060 SIP/2.0.
> Via: SIP/2.0/UDP  MailScanner warning: numerical links are often malicious: 81.21.38.13:5060.
> From: <sip:22498045 at 81.21.38.13>;tag=78415468-CC3.
> To: <sip:22030980 at 81.21.33.35>;tag=74961b5b71b6ddce908b9155b956083f.58b5.
> Date: Fri, 15 Sep 2006 09:15:20 GMT.
> Call-ID: 8BB4320C-43D111DB-9F91880F-F0154510 at 81.21.38.13.
> Max-Forwards: 6.
> Content-Length: 0.
> CSeq: 101 ACK.
> .
> 
> #
> U MailScanner warning: numerical links are often malicious: 81.21.38.13:51826 -> MailScanner warning: numerical links are often malicious: 81.21.33.35:5060
> INVITE sip:22030980 at 81.21.33.35:5060 SIP/2.0.
> Via: SIP/2.0/UDP  MailScanner warning: numerical links are often malicious: 81.21.38.13:5060.
> From: <sip:22498045 at 81.21.38.13>;tag=78415970-1FEC.
> To: <sip:22030980 at 81.21.33.35>.
> Date: Fri, 15 Sep 2006 09:15:22 GMT.
> Call-ID: 8C78BCF5-43D111DB-9F95880F-F0154510 at 81.21.38.13.
> Supported: timer,100rel.
> Min-SE:  1800.
> Cisco-Guid: 3776566429-1164120539-2202206211-3126568985.
> User-Agent: Cisco-SIPGateway/IOS-12.x.
> Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO.
> CSeq: 101 INVITE.
> Max-Forwards: 6.
> Remote-Party-ID: <sip:22498045 at 81.21.38.13>;party=calling;screen=yes;privacy=off.
> Timestamp: 1158311722.
> Contact: <sip:22498045 at 81.21.38.13:5060>.
> Expires: 180.
> Allow-Events: telephone-event.
> Content-Type: application/sdp.
> Content-Length: 274.
> .
> 
> And these messages are repeating until the requested time out;-)
> 
> Whats wrong here :-
> 
>                Hope this information can help me
> 
>                      Thanks,
> Ravi.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20060915/84b822fa/attachment.htm>

More information about the sr-users mailing list