[SR-Users] Phone does not set "Expire-header" but "Contact expire", immediately expires

Kevin Olbrich ko at sv01.de
Wed Nov 7 22:01:44 CET 2018 

For anyone interested:
server_header="Server: Mitel Border GW"

This effectively forges the header to the one from the firmware.
There are many other:
Aastra 800
OpenCom
Aastra 400
MiVoice Office 400
Aastra MX-ONE
Forum 5
Telepo
Mitel-5000-ICP
Mitel Border GW
Mitel-3300-ICP

Source:
- binwalk -e 6930.st
- jffs2-root/fs_1/bin/linemgrSip will be of interest

security through obscurity

Kevin

Am Mi., 7. Nov. 2018 um 15:06 Uhr schrieb Kevin Olbrich <ko at sv01.de>:

> Hi!
>
> I have found the problem. It is indeed desired behaviour!
> Current FW is 5.1.0. I have now browsed the realease notes from latest to
> oldest and release 5.0.0 (first for Mitel 6900 series) states, that this
> phone only works, if registered to Mitel call servers.
> This remark is only listet there and in no other location. Seems like all
> who buy this phone are currently out of luck.
> The phone does not detect a Mitel call server and throws an internal 606
> and disables the line until reboot.
> Source: Page 14 of Mitel 6800/6900 Series SIP Phones 5.0.0 Release Notes
>
> I never had such a case, where a vendor locks his phone to it's own
> platform. In particular does not communicate this change.
>
> Thanks for your help while debugging this. I have learned a lot during
> debug.
>
> Kind regards
> Kevin
>
>
> Am Di., 6. Nov. 2018 um 23:30 Uhr schrieb Sergiu Pojoga <pojogas at gmail.com
> >:
>
>> Hardly a guess, just experience, lol
>>
>> You're welcome.
>>
>> On Tue, Nov 6, 2018 at 5:24 PM Kevin Olbrich <ko at sv01.de> wrote:
>>
>>> Am Di., 6. Nov. 2018 um 23:09 Uhr schrieb Sergiu Pojoga <
>>> pojogas at gmail.com>:
>>>
>>>> I would assume the phone sends multiple REGISTER requests with same
>>>> CallID, one or more of which has an expire=0, as a NAT traversal technique
>>>> trying to discover its public IP at first. May be it doesn't do it very
>>>> well.
>>>>
>>>
>>> I have checked again and indeed, correct guess!
>>>
>>>
>>>>
>>>>
>>> Since you are using Kamailio for auth/usrloc, sending its REGISTER with
>>>> expire=0 would indicate that the Kamailio contact has expired (probably
>>>> after such a request was received from the phone). Try checking it with
>>>> 'kamctl ul show'
>>>>
>>>
>>> Correct as well, endpoint is not listed there.
>>>
>>> I will check if I can get debug from the phone.
>>>
>>> Thank you very much!
>>>
>>> Kevin
>>>
>>>
>>>> On Tue, Nov 6, 2018 at 4:57 PM Henning Westerholt <hw at kamailio.org>
>>>> wrote:
>>>>
>>>>> Am Dienstag, 6. November 2018, 22:50:54 CET schrieb Kevin Olbrich:
>>>>> > Am Di., 6. Nov. 2018 um 22:40 Uhr schrieb Sergiu Pojoga <
>>>>> pojogas at gmail.com>:
>>>>> > > It's not clear what kamailio/asterisk integration method you are
>>>>> using.
>>>>> > > Looking at the 2 provided messages - the 2nd one is not a relay of
>>>>> the 1st
>>>>> > > one.
>>>>> >
>>>>> > I might have matched the wrong transaction. I use HEP/HOMER to
>>>>> observe
>>>>> > communication and Kamailio starts a new flow (=Call-Id) to asterisk
>>>>> (this
>>>>> > message is no coming from the phone).
>>>>> >
>>>>> > > handle authentication/usrloc in Kamailio?
>>>>> > > or
>>>>> > > using PATH extension?
>>>>> >
>>>>> > I do auth + usrloc in Kamailio, no PATH.
>>>>> >
>>>>> > Maybe the Kamailio debug would lead me to the problem but verbose
>>>>> level 3
>>>>> > has too much info.
>>>>>
>>>>> Hi Kevin,
>>>>>
>>>>> you could control the time when the specific not-working phone send a
>>>>> REGISTER. Then you can enable the debugging for a few seconds during
>>>>> this
>>>>> time, and then deactivate it again. This should work even on a
>>>>> production
>>>>> server. Debugging it on a test server is of course an even better way.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Henning
>>>>>
>>>>> --
>>>>> Henning Westerholt - https://skalatan.de/blog/
>>>>> Kamailio services - https://skalatan.de/services
>>>>> Kamailio security assessment - https://skalatan.de/de/assessment
>>>>>
>>>>> _______________________________________________
>>>>> Kamailio (SER) - Users Mailing List
>>>>> sr-users at lists.kamailio.org
>>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>>
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users at lists.kamailio.org
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>> _______________________________________________
>>> Kamailio (SER) - Users Mailing List
>>> sr-users at lists.kamailio.org
>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20181107/e716ac16/attachment.html>

More information about the sr-users mailing list