[OpenSIPS-Users] tcpconn_add_alias port hijack attempt log message using TLS in 1.11.5

Liviu Chircu liviu at opensips.org
Thu Jul 30 11:26:50 CEST 2015


Hi Carlos,

Thank you for the additional details! The issue has already been pinpointed
and is currently being taken care of.

Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 30.07.2015 10:31, Carlos Oliva wrote:
> Hi list:
>
> Working with TLS (with client certificate validation) in version
> 1.11.5 I started to see these messages in the log:
>
> ERROR:core:tcpconn_add_alias: possible port hijack attempt
> ERROR:core:tcpconn_add_alias: alias already present and points to
> another connection (199 : 5062 and 219 : 5062)
> ERROR:core:receive_msg: tcp alias failed
>
> Those messages appear after a non-existent user tries to register in the proxy.
>
> I've some UACs (that I can not control) after the same public IP
> trying to register with an invalid user but with a valid TLS client
> certificate every 10 seconds.
> As far as I can see, after two of the UACs try to register, this message
> starts to appear after each try.
>
> In the messages I see the numbers 199 and 219 change but 5062 is persistent.
>
> The contact header of one of the UACs is
> sips:USER1@192.168.1.201:5062;transport=tls but it is received from
> PUBLIC_CLIENT_IP:24609
> The contact header of the other UAC is
> sips:USER2@192.168.1.207:16577;transport=tls and is received from
> PUBLIC_CLIENT_IP:40993
>
> Listing TCP connections, 199 and 219 exist and look right:
>
> Connection::  ID=199 Type=tls State=0 Source=PUBLIC_CLIENT_IP:42081
> Destination=MY_IP:5061 Timeout=2015-07-30 09:24:54 Pending lifetime=0
> Connection::  ID=219 Type=tls State=0 Source=PUBLIC_CLIENT_IP:24609
> Destination=MY_IP:5061 Timeout=2015-07-30 09:47:44 Pending lifetime=0
>
> I'm not using TCP async mode, not using force_tcp_alias() and
> tcp_persistent_flag is not set because auth was not successful.
>
> Maybe it is an error in my NAT detection route? In TCP/TLS cases I'm
> always using the nat_traversal module and doing:
>
> modparam("registrar", "received_avp", "$avp(received_uri)")
> modparam("registrar", "tcp_persistent_flag", "TCP_PERSISTENT")
>
> setbflag(NAT);
> force_rport();
> $avp(received_uri) = $source_uri;
>
>
> Any hints?
>
> Thanks and regards,
>
> Carlos Oliva