Difference between revisions of "Correct auth, but based on stale nonce received from"

From Kolmisoft Wiki
Jump to navigationJump to search
 
(4 intermediate revisions by one other user not shown)
Line 6: Line 6:
It means that a SIP device is re-using an old authentication challenge. If it still registers and can place calls, there's no problem to worry about. It's just a warning. [http://lists.digium.com/pipermail/asterisk-users/2005-July/110220.html source]
It means that a SIP device is re-using an old authentication challenge. If it still registers and can place calls, there's no problem to worry about. It's just a warning. [http://lists.digium.com/pipermail/asterisk-users/2005-July/110220.html source]


Comment from source chan_sip.c:
/* We got working auth token, based on stale nonce. Since we never received our "current" nonce no need to generate a new one */
<br>
----
----
<br>


It can be that someone wants to register with a sniffed SIP packet.
It can be that someone wants to register with a sniffed SIP packet.


It's basically the nonce="" value is not the same Asterisk sent for that REGISTER session. [http://www.mail-archive.com/asterisk-users@lists.digium.com/msg222636.html source]
It's basically the nonce="" value is not the same Asterisk sent for that REGISTER session. [http://www.mail-archive.com/asterisk-users@lists.digium.com/msg222636.html source]
<br>
----
<br>
This NOTICE is only seen when '''sip debug''' is enabled. From [https://reviewboard.asterisk.org/r/289/diff/1/ chan_sip.c]:
if (sipdebug)
    ast_log(LOG_NOTICE, "Correct auth, but based on stale nonce received from '%s'\n", get_header(req, "To"));
Execute:
sip set debug off
in [[Asterisk CLI]] to hide this message.

Latest revision as of 10:26, 16 September 2010

Looks like this:

[Oct  7 23:27:30] NOTICE[2056]: chan_sip.c:8866 check_auth: Correct auth, but based on stale nonce received from '<sip:ac009602@21.11.2.1>'


It means that a SIP device is re-using an old authentication challenge. If it still registers and can place calls, there's no problem to worry about. It's just a warning. source

Comment from source chan_sip.c:

/* We got working auth token, based on stale nonce. Since we never received our "current" nonce no need to generate a new one */




It can be that someone wants to register with a sniffed SIP packet.

It's basically the nonce="" value is not the same Asterisk sent for that REGISTER session. source





This NOTICE is only seen when sip debug is enabled. From chan_sip.c:

if (sipdebug)
    ast_log(LOG_NOTICE, "Correct auth, but based on stale nonce received from '%s'\n", get_header(req, "To"));


Execute:

sip set debug off 

in Asterisk CLI to hide this message.