[SIPForum-discussion] CSeq of Bye after REFER

• Previous message: [SIPForum-discussion] Query about 407 proxy authentication Required in SIP response
• Next message: [SIPForum-discussion] CSeq of Bye after REFER
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

can  anyone plz brief me about "from header string attempt" attack in sip
ipphone.

each ip phone has feature called plug and play where it sends it mac
address in SUBSCRIBE request in " from " field to plug and play server
(224.0.1.75)..

Thus its "from" header format is different as that of "from "of normal sip
message which lead to this attack getting trigger.

normal   :

From: <sip:@1.2.3.4>;tag=1692014507

but if plug and play is enabled then

*From: <sip:MAC%3A000B82273B89 at 224.0.1.75
<sip%3AMAC%253A000B82273B89 at 224.0.1.75>*>;tag=1692014507


But can anyone tell how such such traffic can be considered as attack
eventhough it is one of the new and auto-configuration features in latest
ip phone like FANVIL etc

aditya prakash

On Tue, Jun 10, 2014 at 5:20 AM, Paul Kyzivat <pkyzivat at alum.mit.edu> wrote:

> BYE is a new transaction so it gets a new cseq number.
> It gets the next number to be assigned after the prior message.
>
> For a more detailed answer please post your call flow.
>
>         Thanks,
>         Paul
>
> On 6/9/14 5:23 AM, Amit Kothari wrote:
> > Hi,
> >
> > I have a query regarding CSeq of BYE in transfer scenario.
> >
> > If A establish the call with B
> > And B performs blind transfer to C
> > then what should be the CSeq of BYE sent from B to A.
> >
> > Thanks in advance :)
> > Amit Kothari
> >
> >
> >
> > _______________________________________________
> > This is the SIP Forum discussion mailing list
> > TO UNSUBSCRIBE, or edit your delivery options, please visit
> http://sipforum.org/mailman/listinfo/discussion
> > Post to the list at discussion at sipforum.org
> >
>
> _______________________________________________
> This is the SIP Forum discussion mailing list
> TO UNSUBSCRIBE, or edit your delivery options, please visit
> http://sipforum.org/mailman/listinfo/discussion
> Post to the list at discussion at sipforum.org
>



-- 
Aditya prakash(SDDE)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20140909/f26a55a4/attachment-0002.html>

• Previous message: [SIPForum-discussion] Query about 407 proxy authentication Required in SIP response
• Next message: [SIPForum-discussion] CSeq of Bye after REFER
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]