[Freeswitch-users] question on handling of nonce count (nc)

Michael Jerris mike at jerris.com
Mon Apr 11 23:46:33 MSD 2016 

sounds like devices that are broken to me.  

> On Apr 10, 2016, at 2:23 AM, Dave Horton <daveh at beachdognet.com> wrote:
> 
> In investigating some REGISTER storms on one of my networks, I am seeing some client devices interacting with Freeswitch in a manner that can lead to excessive registration traffic.  
> It looks to me to be more of an endpoint problem than a freeswitch problem, but I would like confirmation of that as well as any ideas on how to handle this (i.e., throttle back this traffic).
> 
> The basic problem flow is this:
> 
> - Client sends a REGISTER with a large nc value and nonce value A
> - Freeswitch replies 401 with stale=true (nonce is stale) and nonce value B
> - Client sends another REGISTER with nc value incremented by 1 and nonce value A again
> - Freeswitch replies 401 with stale=true (nonce is stale) and nonce value C
> - Client sends another REGISTER with nc value incremented again and nonce value A again
> ….etc.
> 
> This seems particularly problematic with some Yealink, Communicator, and Polycomm IP Soundlink endpoint
> 
> Here is a specific example (some information redacted)
> 
> recv 804 bytes from udp/[]:5060 at 23:54:11.906859:
>   ------------------------------------------------------------------------
>   REGISTER sip:x.x.x.x:5060 SIP/2.0
>   Authorization: Digest username="123371",realm="sip.foo.com",nonce="41adc443-57c8-4325-831e-ffd006a922d4",uri=“sip:x.x.x.x:6060",response="3a4b5f05ec1897a58865b4ba0cdb0b4d",cnonce="b5d06adf6a4c7c0592f5fc1d7766a605",nc=0000008a,qop=auth,algorithm=MD5
> 
> send 641 bytes to udp/[10.128.77.170]:5060 at 23:54:11.909722:
>   ------------------------------------------------------------------------
>   SIP/2.0 401 Unauthorized
>   WWW-Authenticate: Digest realm=sip.foo.com", nonce="888c8919-b28f-4be4-be12-753430aafa88", stale=true, algorithm=MD5, qop=“auth”
> 
> 
> recv 804 bytes from udp/[]:5060 at 23:54:12.007622:
>   ------------------------------------------------------------------------
>   REGISTER sip:x.x.x.x:5060 SIP/2.0
>   Authorization: Digest username="123371",realm="sip.foo.com",nonce="41adc443-57c8-4325-831e-ffd006a922d4",uri=“sip:x.x.x.x:6060",response="556498e38d27c944f10e3a0c11a5ea41",cnonce="5585e516afcf2f95bfbc4bef11a075ee",nc=0000008b,qop=auth,algorithm=MD5
> 
> send 641 bytes to udp/[10.128.77.170]:5060 at 23:54:12.010376:
>   ------------------------------------------------------------------------
>   SIP/2.0 401 Unauthorized
>   WWW-Authenticate: Digest realm=“sip.foo.com", nonce="1ff3b9a3-4cbb-4569-b6c7-7bee203547ac", stale=true, algorithm=MD5, qop="auth"
> 
> recv 804 bytes from udp/[10.128.77.170]:5060 at 23:54:12.108742:
>   ------------------------------------------------------------------------
>   REGISTER sip:x.x.x.x:5060 SIP/2.0
>   Authorization: Digest username="123371",realm="sip.foo.com",nonce="41adc443-57c8-4325-831e-ffd006a922d4",uri=“sip:x.x.x.x:6060",response="9cf2360ef5f28684e667ac878362d0c0",cnonce="9833d8d3889d3ae8875e0f6f00c4d3f3",nc=0000008c,qop=auth,algorithm=MD5
> 
> 
> 
> 
> 
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list