Hi All,

Wow, thanks so much for the conversation on sorting this out.

I think you are right, it is likely a session timer issue. I found this tag on the 200 OK from the carrier:

Session-Expires: 300;refresher=uas

It may not help anything, but I would like to try setting the session-timer = refuse as Michael suggested. I did a search for how to do this and came up empty; I didn't see it in the SST module. I think I may be missing something simple. Could anyone tell me how to set this up?

Thanks again to everyone.

All the best.

Will Ferrer
Switchsoft

On Thu, Feb 19, 2015 at 10:10 AM, Alex Balashov <abalas...@evaristesys.com> wrote:

> Hi,
>
> On 02/19/2015 12:59 PM, Andres wrote:
>
>> We have struggled with this issue ourselves. The problem was that we
>> did not want our SIP server to behave like an open relay. We were
>> seeing that the session-timer Re-Invites have a Request-URI with the IP
>> of the other endpoint instead of the Proxy. If the SIP server is an
>> open relay then no problem, but ours is not, so the config file was
>> very strict and dropped the Re-Invite (since the Request-URI had an
>> external IP), thus dropping the call. The config file could be enhanced
>> by testing for has_totag(), since the Re-Invite has the totag but an
>> original Invite does not, but the hacker could put a bogus totag and
>> make calls, so it's more secure to leave it this way. We ended up
>> disabling session-timers at some of our clients' PBXs. It's always a
>> balancing act between convenience/services and more security. We chose
>> more security.
>
> From a SIP point of view, this is a strange position to take. An "open
> relay" is an idea that normally applies to the unrestricted relay of
> _initial_ requests to foreign domains. Requests flowing within a dialog
> (i.e. loose-routed) are _supposed_ to have an RURI pointing to the
> endpoint's domain: this is known as the "remote target" of a dialog, and is
> set by the Contact URI of both dialog parties.
>
> I suppose it's true that one could compel your proxy to relay a sequential
> request (like a reinvite) to any domain by including a Route header and a
> To-tag, but what effect would this have on the far-end UA? It would not
> match the spoofed request to an existing dialog.
>
> -- Alex
>
> --
> Alex Balashov - Principal
> Evariste Systems LLC
> 235 E Ponce de Leon Ave
> Suite 106
> Decatur, GA 30030
> United States
>
> Tel: +1-678-954-0670
> Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
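An added example, not code from this thread or from Kamailio: a Python model of the relay decision discussed above, in which a sequential request is authorized by matching its Call-ID and tags against dialogs the proxy saw established, rather than by the mere presence of a To-tag or by the Request-URI domain. The function names, the known-dialog set and the sample messages are assumptions constructed for illustration.

```python
import re

def parse_request(raw):
    """Split a SIP request into (method, request_uri, headers); names lower-cased."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, ruri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, ruri, headers

def tag_of(value):
    """Return the ;tag= parameter of a From/To header value, or None."""
    m = re.search(r";\s*tag=([^;>\s]+)", value)
    return m.group(1) if m else None

def ruri_host(ruri):
    """Host part of a sip:/sips: URI, without user, port or parameters."""
    m = re.match(r"sips?:(?:[^@]*@)?([^;:>]+)", ruri)
    return m.group(1) if m else None

def decide(raw, known_dialogs, local_domains):
    """Relay decision for one request (hypothetical policy function)."""
    _method, ruri, h = parse_request(raw)
    to_tag = tag_of(h["to"])
    if to_tag is None:
        # Initial request: the open-relay rule applies to the R-URI domain.
        return "relay-initial" if ruri_host(ruri) in local_domains else "reject-foreign-initial"
    # Sequential request: the R-URI is the remote target (peer's Contact), so
    # a foreign host is expected. Authorize on dialog identity instead.
    # Tags are compared as a set because the callee's requests swap From/To.
    key = (h["call-id"], frozenset((tag_of(h["from"]), to_tag)))
    return "relay-in-dialog" if key in known_dialogs else "reject-unknown-dialog"

def make(ruri, call_id, from_tag, to_tag=None):
    """Build a constructed sample INVITE (not captured traffic)."""
    to = "<sip:bob@example.com>" + (f";tag={to_tag}" if to_tag else "")
    return (f"INVITE {ruri} SIP/2.0\r\nFrom: <sip:alice@example.com>;tag={from_tag}\r\n"
            f"To: {to}\r\nCall-ID: {call_id}\r\nCSeq: 2 INVITE\r\n\r\n")

LOCAL = {"example.com"}                                     # assumed served domain
DIALOGS = {("c1@192.0.2.10", frozenset(("tagA", "tagB")))}  # learned from the 200 OK

if __name__ == "__main__":
    refresh = make("sip:alice@192.0.2.10:5060", "c1@192.0.2.10", "tagB", "tagA")
    spoofed = make("sip:x@203.0.113.5", "c1@192.0.2.10", "tagB", "bogus")
    print(decide(refresh, DIALOGS, LOCAL), decide(spoofed, DIALOGS, LOCAL))
```

The session-refresh re-INVITE is relayed even though its Request-URI is an external IP, while a request carrying an unknown To-tag is rejected.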