Monday, June 18, 2012

svwar.py: Bad user = SIP/2.0 401 - svwar will probably not work!

Running sipwar.py from SIPVicious was throwing below error

#/home/praveen/sipvicious-0.2.7#./svwar.py --force -e100-110 3.3.3.10
WARNING:TakeASip:Bad user = SIP/2.0 401  - svwar will probably not work!
WARNING:TakeASip:We got an unknown response
ERROR:TakeASip:Response: 'SIP/2.0 401 Unauthorized\r\nVia: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK-2777087671;received=172.16.1.5;rport=5060\r\nFrom: "100";tag=3130300131353239383436353338\r\nTo: "100";tag=as4442a546\r\nCall-ID: 3403670806\r\nCSeq: 1 REGISTER\r\nServer: Asterisk PBX 1.8.13.0\r\nAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH\r\nSupported: replaces, timer\r\nWWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="5858df28"\r\nContent-Length: 0\r\n\r\n'
WARNING:root:found nothing

IP Address 3.3.3.10 is the Asterisk PBX Server.

Googled for the error but couldn'd find solution so thought of going through the SIP Configuration file /etc/asterisk/sip.conf where we can find below description.
    
When an incoming INVITE or REGISTER is to be rejected, for any reason, always reject with     '401 Unauthorized 'instead of letting the requester know whether there was a matching user or peer for their request .i.e. PBX server will always respond with "401 Unauthorized" error to not disclose user details.


Add below line to sip.conf, by default the value is yes.
alwaysauthreject = no

Restart Asterisk PBX for above changes to reflect.

$sudo /etc/init.d/asterisk /stop/start
            or

execute below commands
#asterisk -vvr
asterisk*CLI>sip reload

Now we can successfully run svwar.py which gives below output
#/home/praveen/sipvicious-0.2.7#./svwar.py  -e100-1010 3.3.3.10
| Extension | Authentication |
------------------------------
| 1004      | reqauth        |
| 102       | reqauth        |
| 101       | reqauth        |
| 1003      | reqauth        |
| 1002      | reqauth        |
| 1001      | reqauth        |

Articles which might be of interest 
Packet level view of REGISTER, SUBSCRIBE and NOTIFY methods
http://www.darshanams.blogspot.in/2012/06/x-lite-client-registering-with-pbx.html

Configuration and Registration of Softphone and Analog Phone( with ATA) and Asterisk PBX
http://www.darshanams.blogspot.in/2012/06/softphone-registration-with-asterisk.html

Thank You !!!