[OpenSER-Users] record_route() for responses

Juha Heinanen jh at tutpro.com
Mon Nov 19 03:59:10 CET 2007


Robert Dyck writes:

 > Speaking of Twinkle, that is the UA I was referring to in my previous
 > post on this thread. During a re-INVITE it does not return an
 > Record-Route list with its 200 OK. This does not violate the spec but
 > it causes inter-working problems with asterisk because asterisk
 > appears to create an empty route set and the ACK will not find its
 > way. 

instead of making a workaround in twinkle, i would suggest that asterisk
folks fix their sip implementation.

by the way, someone recently posted to this list a reference to a french
sip vulnerability report and suggested that openser should do something
about it.  after reading the report, i got an impression that the attack
described in it only works if a sip ua responds directly to a re-invite
instead of sticking to its original route set.  based on what you
describe in above, looks like asterisk may be hit also by this attack.

-- juha




More information about the Users mailing list