[Freeswitch-users] question on handling of nonce count (nc)

Dave Horton daveh at beachdognet.com
Sun Apr 10 11:23:08 MSD 2016 

In investigating some REGISTER storms on one of my networks, I am seeing some client devices interacting with Freeswitch in a manner that can lead to excessive registration traffic.  
It looks to me to be more of an endpoint problem than a freeswitch problem, but I would like confirmation of that as well as any ideas on how to handle this (i.e., throttle back this traffic).

The basic problem flow is this:

- Client sends a REGISTER with a large nc value and nonce value A
- Freeswitch replies 401 with stale=true (nonce is stale) and nonce value B
- Client sends another REGISTER with nc value incremented by 1 and nonce value A again
- Freeswitch replies 401 with stale=true (nonce is stale) and nonce value C
- Client sends another REGISTER with nc value incremented again and nonce value A again
….etc.

This seems particularly problematic with some Yealink, Communicator, and Polycomm IP Soundlink endpoint

Here is a specific example (some information redacted)

recv 804 bytes from udp/[]:5060 at 23:54:11.906859:
   ------------------------------------------------------------------------
   REGISTER sip:x.x.x.x:5060 SIP/2.0
   Authorization: Digest username="123371",realm="sip.foo.com",nonce="41adc443-57c8-4325-831e-ffd006a922d4",uri=“sip:x.x.x.x:6060",response="3a4b5f05ec1897a58865b4ba0cdb0b4d",cnonce="b5d06adf6a4c7c0592f5fc1d7766a605",nc=0000008a,qop=auth,algorithm=MD5
   
send 641 bytes to udp/[10.128.77.170]:5060 at 23:54:11.909722:
   ------------------------------------------------------------------------
   SIP/2.0 401 Unauthorized
   WWW-Authenticate: Digest realm=sip.foo.com", nonce="888c8919-b28f-4be4-be12-753430aafa88", stale=true, algorithm=MD5, qop=“auth”


recv 804 bytes from udp/[]:5060 at 23:54:12.007622:
   ------------------------------------------------------------------------
   REGISTER sip:x.x.x.x:5060 SIP/2.0
   Authorization: Digest username="123371",realm="sip.foo.com",nonce="41adc443-57c8-4325-831e-ffd006a922d4",uri=“sip:x.x.x.x:6060",response="556498e38d27c944f10e3a0c11a5ea41",cnonce="5585e516afcf2f95bfbc4bef11a075ee",nc=0000008b,qop=auth,algorithm=MD5

send 641 bytes to udp/[10.128.77.170]:5060 at 23:54:12.010376:
   ------------------------------------------------------------------------
   SIP/2.0 401 Unauthorized
   WWW-Authenticate: Digest realm=“sip.foo.com", nonce="1ff3b9a3-4cbb-4569-b6c7-7bee203547ac", stale=true, algorithm=MD5, qop="auth"

recv 804 bytes from udp/[10.128.77.170]:5060 at 23:54:12.108742:
   ------------------------------------------------------------------------
   REGISTER sip:x.x.x.x:5060 SIP/2.0
   Authorization: Digest username="123371",realm="sip.foo.com",nonce="41adc443-57c8-4325-831e-ffd006a922d4",uri=“sip:x.x.x.x:6060",response="9cf2360ef5f28684e667ac878362d0c0",cnonce="9833d8d3889d3ae8875e0f6f00c4d3f3",nc=0000008c,qop=auth,algorithm=MD5

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list