nakaji
2012-Apr-16 12:53 UTC
[asterisk-users] When CALL-ID were same , I could hijack another session
Hello all.

I want to know whether this issue is a bug or not.
My Asterisk version is 1.6.2.6.
I used "nat=yes" in sip.conf.

##################################
Issue 1. SDP session handling by Asterisk
##################################

I used 2 clients, A and B.
The 2 UACs are under different NATs.

///////////////////////////////
          --- router ---- A
Asterisk
          --- router ---- B
///////////////////////////////

All IP addresses are examples.
Asterisk 155.0.0.*
A 192.168.0.2 via 134.255.1.*
B 192.168.0.2 via 135.223.10.*

Asterisk, A and B have global addresses.
A and B are under NAT, and have local addresses.

The URIs are not the same.
A AAA at 155.0.0.*
B BBB at 155.0.0.*

The CALL-ID is the same.
Both CALL-IDs are KKK at 192.168.0.2.

After the call between A and Asterisk was established,
a new call from B will in the end fail.
But when I looked at the SDP log between B and Asterisk, this was repeated.

======================
INVITE from B to Asterisk
Trying
Ringing
200 OK from Asterisk to B
INVITE from B to Asterisk
.
.
======================

The call did not begin.
I think this is the correct handling for the same CALL-ID.
But I can't understand.
Why does Asterisk return "200 OK"?
Is this correct?

#######################################
Issue 2. On meetme, I can hijack another session.
#######################################

I used 4 clients, A, B, C and D.
The 2 UACs are under different NATs.

///////////////////////////////
C ----           --- router ---- A
        Asterisk
D ----           --- router ---- B
///////////////////////////////

A and C join meetme on Asterisk, room 100.
B and D join meetme on Asterisk, room 200.
The rooms were not the same.
All other settings were the same as in Issue 1.

After the call between A and Asterisk was established,
and after the call between C and Asterisk was established,
A and C could talk in room 100.

Then, a new call from B.
In the Asterisk log (log = full), this was repeated.

======================
INVITE from B to Asterisk
Trying
Ringing
200 OK from Asterisk to B
INVITE from B to Asterisk
.
.
======================

It looked like B's call had failed.
But it had not failed!!
B could hear the voice of the "A and C conference".

Is this correct??
Why can I hear another room's conference?
Does this mean session hijack??
I could do this.
I want to know how to prevent this.

Any help appreciated.

nakaji
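
Added example, not part of the original post: RFC 3261 identifies a dialog by the Call-ID together with the From and To tags, so two endpoints that generate the same Call-ID, as A and B do above, are still separate dialogs. The Python sketch below scans captured initial INVITEs and reports any Call-ID used by more than one source address or From tag; the packets, addresses, host name and tags are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample traffic: (source IP seen by the server, raw SIP request).
# Addresses are documentation ranges, not the addresses from the post.
def _invite(user, call_id, tag):
    return (f"INVITE sip:100@pbx.example SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.168.0.2:5060;branch=z9hG4bK{tag}\r\n"
            f"From: <sip:{user}@pbx.example>;tag={tag}\r\n"
            f"To: <sip:100@pbx.example>\r\n"
            f"Call-ID: {call_id}\r\n"
            f"CSeq: 1 INVITE\r\n\r\n")

SAMPLE = [
    ("198.51.100.10", _invite("AAA", "KKK@192.168.0.2", "a1")),
    ("198.51.100.30", _invite("CCC", "c-77@10.0.0.5", "c1")),
    ("203.0.113.20", _invite("BBB", "KKK@192.168.0.2", "b1")),   # same Call-ID as A
    ("198.51.100.10", _invite("AAA", "KKK@192.168.0.2", "a1")),  # retransmission
]

HEADER = re.compile(r"^([A-Za-z-]+)\s*:\s*(.*)$")
COMPACT = {"i": "call-id", "f": "from", "t": "to"}  # RFC 3261 compact header names

def parse_headers(raw):
    """Return the headers of one SIP request, keyed by lower-cased long name."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:                        # blank line ends the header section
            break
        m = HEADER.match(line)
        if m:
            name = m.group(1).lower()
            headers.setdefault(COMPACT.get(name, name), m.group(2).strip())
    return headers

def find_callid_collisions(packets):
    """Map each Call-ID seen from more than one (source IP, From tag) to those pairs."""
    seen = defaultdict(set)
    for src_ip, raw in packets:
        if not raw.startswith("INVITE "):
            continue
        h = parse_headers(raw)
        tag = re.search(r";\s*tag=([^;\s>]+)", h.get("from", ""))
        if "call-id" in h and "tag=" not in h.get("to", ""):  # To tag means re-INVITE
            seen[h["call-id"]].add((src_ip, tag.group(1) if tag else ""))
    return {cid: sorted(pairs) for cid, pairs in seen.items() if len(pairs) > 1}
```
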