Bad re-registration status


This is my problem:
I can register my softphone to asterisk v1.6.2.13 and I can make a sip call without problem.
Now if I change the password (secret) of my softphone and try to re-register with a wrong password (my ip address doesn’t change), asterisk will do a reject: it’s ok, asterisk do the job.
But WHY the peer is still registered when I do: “sip show peers” ???
My client softphone status say “I’m not registered” but the asterisk client status say “I’m registered” and I can call it !!!

Do I have to set a parameter in my sip.conf ?

Here an example of a peer configuration in my sip.conf

context = company
type = friend
insecure = invite
dtmfmode = rfc2833
username = 200
secret = 200
host = dynamic
callerid = 200
qualify = yes

Thanks for any explanation


Because you haven’t de-registered, the registration hasn’t timed out, and you haven’t successfully registered from a new IP address.

If it was easy to break a registration by trying to register with a bad password, this would become a favourite denial of service tactic.

Thanks for your response.
I’ve supposed a problem of timeout as you said but didn’t found any info about this.
I understand the response about the attack but the asking of registration come from the same ip address. Asterisk could check if the command comes from the same source and update its status when refusing to register. Maybe to avoid attack from men in the middle it’s better like it is ?

In my case if the client change its configuration, he still can make or receive a call ! It’s a strange situation.

The IP address being registered is part of the payload, not the IP level headers, so man in the middle isn’t an issue. Even if it weren’t, IP spoofing would be enough.