[OpenSER-Users] record_route() for responses
Juha Heinanen
jh at tutpro.com
Mon Nov 19 03:59:10 CET 2007
Robert Dyck writes:
> Speaking of Twinkle, that is the UA I was referring to in my previous
> post on this thread. During a re-INVITE it does not return an
> Record-Route list with its 200 OK. This does not violate the spec but
> it causes inter-working problems with asterisk because asterisk
> appears to create an empty route set and the ACK will not find its
> way.
instead of making a workaround in twinkle, i would suggest that asterisk
folks fix their sip implementation.
by the way, someone recently posted to this list a reference to a french
sip vulnerability report and suggested that openser should do something
about it. after reading the report, i got an impression that the attack
described in it only works if a sip ua responds directly to a re-invite
instead of sticking to its original route set. based on what you
describe in above, looks like asterisk may be hit also by this attack.
-- juha
More information about the Users
mailing list