[Spce-user] kamailio hangs out after got call from anonymous

Tóth Csaba tsabi at tsabi.hu
Sat May 2 14:23:15 EDT 2015


Hi,

One more thing: after NGCP bans this IP - as it says in the log - I
don't see it in the "Security Bans" page of the web admin. Actually, it
is completely empty - only the "XMLRPC not allowed" is in the IP Bans.

Shouldn't it show up there? How can I decide whether the IP is banned or
not? Is there a bash command to query the internal bans?

At the moment only the restart of the kamailio processes helps to clear
the ban.

BR,
Csaba





On 2015.04.30. 22:33, Daniel Grotti wrote:
> Hi,
> I don't see a crash.
> The IP fails to register and also is sending a flood of INVITEs at the
> same second, and the IP gets banned.
> 
> 
> Apr 30 14:12:37 sip proxy[13651]: WARNING: <script>: Mark host as banned
> - S=<null> SS='<null>' M=INVITE R=sip:06203225742 at sip.entelefonom.hu
> 
> 
> This is why NGCP does not accept any other request from that IP.
> 
> 
> 
> --
> Daniel Grotti
> VoIP Engineer
> 
> 
> Sipwise GmbH
> Europaring F15 | 2345 Brunn am Gebirge, Austria | www.sipwise.com
> 
> On 04/30/2015 05:41 PM, Tóth Csaba wrote:
>> Hi,
>>
>> They are attached.
>> If you need the full log I can send it, of course.
>>
>> BR,
>> Csaba
>>
>>
>>
>> On 2015.04.30. 17:26, Daniel Grotti wrote:
>>> Please share the kamailio-proxy.log.
>>>
>>> Daniel
>>> On Apr 30, 2015 4:47 PM, Tóth Csaba <tsabi at tsabi.hu> wrote:
>>>>
>>>> Dear SipWise Team,
>>>>
>>>> I use the mr3.8.1 version.
>>>> I have a new customer who uses an Avaya IP Office. When they make an
>>>> anonymous call the kamailio "crashes", and from then on it doesn't accept
>>>> any other register from that host. Only a restart helps (but I restart
>>>> both the proxy and the lb, I don't know which one solves the issue).
>>>>
>>>> The subscriber makes this call: 
>>>>
>>>> INVITE sip:BNUMBER at DOMAIN SIP/2.0 
>>>> Via: SIP/2.0/UDP 89.xx.xx.xx:5060;rport;branch=z9hG4bK9471122e5c5572b28fffd346d1f642f8
>>>> From: "Anonymous" <sip:anonymous at anonymous.invalid>;tag=7de012ee906d7bd5 
>>>> To: <sip:BNUMBER at DOMAIN> 
>>>> Call-ID: b6d1c9ab095bdf9e975810897ae3010a 
>>>> CSeq: 153349233 INVITE 
>>>> Contact: <sip:anonymous at 89.xx.xx.xx:5060;transport=udp> 
>>>> Authorization: Digest username="USERNAME",realm="DOMAIN",nonce="NONCE",response="RESP",uri="sip:BNUMBER at DOMAIN"
>>>> Max-Forwards: 70 
>>>> Allow: INVITE,ACK,CANCEL,OPTIONS,BYE,INFO,NOTIFY,UPDATE 
>>>> Content-Type: application/sdp 
>>>> Supported: timer 
>>>> User-Agent: IP Office 9.0.5.0 build 972 
>>>> Privacy: id 
>>>> P-Asserted-Identity: "USERNAME" <sip:USERNAME at 192.168.48.3:5060> 
>>>> Content-Length: 300 
>>>>
>>>> v=0 
>>>> o=UserA ..... ..... IN IP4 89.xx.xx.xx 
>>>> s=Session SDP 
>>>> c=IN IP4 89.xx.xx.xx 
>>>> t=0 0 
>>>> m=audio 49154 RTP/AVP 8 0 18 4 101 
>>>> a=rtpmap:8 PCMA/8000 
>>>> a=rtpmap:0 PCMU/8000 
>>>> a=rtpmap:18 G729/8000 
>>>> a=fmtp:18 annexb=no 
>>>> a=rtpmap:4 G723/8000 
>>>> a=rtpmap:101 telephone-event/8000 
>>>> a=fmtp:101 0-15 
>>>>
>>>>
>>>> SipWise NGCP system sends back a 407 reauth: 
>>>>
>>>> SIP/2.0 407 Proxy Authentication Required 
>>>> Via: SIP/2.0/UDP 89.xx.xx.xx:5060;rport=5060;branch=z9hG4bK9471122e5c5572b28fffd346d1f642f8
>>>> From: "Anonymous" <sip:anonymous at anonymous.invalid>;tag=7de012ee906d7bd5 
>>>> To: <sip:BNUMBER at DOMAIN>;tag=1d24a28a0bded6c40d31e6db8aab9ac6.f9b1 
>>>> Call-ID: b6d1c9ab095bdf9e975810897ae3010a 
>>>> CSeq: 153349233 INVITE 
>>>> P-NGCP-Auth-IP: 89.xx.xx.xx 
>>>> P-NGCP-Auth-UA: IP Office 9.0.5.0 build 972 
>>>> P-NGCP-Caller-Info: <sip:USER at DOMAIN>;ip=89.xx.xx.xx;port=5060 
>>>> Proxy-Authenticate: Digest realm="anonymous.invalid", nonce="NONCE" 
>>>> Server: Sipwise NGCP Proxy 3.X 
>>>> Content-Length: 0 
>>>>
>>>>
>>>>
>>>>
>>>> Here the realm changed. And after this the Avaya tries to authenticate 
>>>> using this realm, but fails all the time. Only the restart of the two 
>>>> kamailio helps. 
>>>>
>>>> What can be wrong? 
>>>>
>>>> I can send the full pcap in private if that helps. 
>>>>
>>>> Thanks in advance! 
>>>> Csaba Tóth 
>>>> _______________________________________________ 
>>>> Spce-user mailing list 
>>>> Spce-user at lists.sipwise.com 
>>>> https://lists.sipwise.com/listinfo/spce-user 
> 
> 
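
Added example, not part of the thread and not Sipwise or Kamailio code: a small Python check for the realm change described in the original report, comparing the realm the client sent in Authorization with the realm in the 407 challenge. The sample messages are constructed from the sanitized trace above, and the helper names (`headers`, `digest_realm`, `from_domain`, `realm_findings`) are hypothetical.

```python
import re

# Constructed sample from the sanitized trace in the thread ("@" restored for " at ").
INVITE = (
    'INVITE sip:BNUMBER@DOMAIN SIP/2.0\r\n'
    'From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag=7de012ee906d7bd5\r\n'
    'Authorization: Digest username="USERNAME",realm="DOMAIN",nonce="NONCE",'
    'response="RESP",uri="sip:BNUMBER@DOMAIN"\r\n'
    'Privacy: id\r\n\r\n'
)
CHALLENGE = (
    'SIP/2.0 407 Proxy Authentication Required\r\n'
    'From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag=7de012ee906d7bd5\r\n'
    'Proxy-Authenticate: Digest realm="anonymous.invalid", nonce="NONCE"\r\n\r\n'
)

def headers(msg):
    """Map lowercased header name -> value for one SIP message (first value wins)."""
    out = {}
    for line in msg.split("\r\n")[1:]:      # skip the request/status line
        if not line:                        # blank line ends the header block
            break
        name, _, value = line.partition(":")
        out.setdefault(name.strip().lower(), value.strip())
    return out

def digest_realm(value):
    m = re.search(r'realm="([^"]*)"', value or "")
    return m.group(1) if m else None

def from_domain(value):
    m = re.search(r"<sips?:[^@>]*@([^;>:]+)", value or "")
    return m.group(1) if m else None

def realm_findings(request, response):
    """Hypothetical helper: compare the realm the client sent with the challenge."""
    req, rsp = headers(request), headers(response)
    sent = digest_realm(req.get("authorization") or req.get("proxy-authorization"))
    asked = digest_realm(rsp.get("proxy-authenticate") or rsp.get("www-authenticate"))
    findings = []
    if sent and asked and sent != asked:
        findings.append(f"realm changed: client sent {sent!r}, challenge asks {asked!r}")
    if asked and "privacy" in req and asked == from_domain(req.get("from")):
        findings.append(f"challenge realm {asked!r} equals the anonymized From domain")
    return findings

if __name__ == "__main__":
    for finding in realm_findings(INVITE, CHALLENGE):
        print(finding)
```

Run over request/response pairs extracted from a capture, this flags the calls whose challenge no longer matches the realm the device is provisioned with, which is the condition the report ties to the repeated authentication failures.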


