Pjsip allow anonymous invites AND authenticated register

Asterisk Asterisk SIP
1

Hi

I see my machine keeps getting hit by probes trying to INVITE without authentication.

For the fun, I would like to keep them busy and send some funny announcement or send them to some IVR or so (looking at you PonyTelecom)

So I have loaded res_pjsip_endpoint_identifier_anonymous.so and configured an anonymous endpoint:

endpoint_identifier_order=auth_username,username,ip,anonymous

[anonymous]
type=endpoint
context=anonymous

Unfortunately this breaks registration for my regular devices which use auth_username as not they get a 403 instead of a 401 reply. It looks like anonymous is the first method being attempted and as this fails for registratios (no AOR) the auth_usernamen method is not being attempted which would require a 401 challenge being sent.

I seem to recall, there was a setting to always send 401 but I can’t find it anymore. Was this in chan_sip perhaps?

This could also be handy for accepting unauthenticated calls send by others as a result of an ENUM or DUNDi lookup.

-Benoît-

1 Like
2

You can not have anonymous enabled while also requiring auth_username. For auth_username to work Asterisk has to challenge the sending side, but you can’t do that if you have anonymous enabled because you’re configuring Asterisk to not challenge unknown sources. The source is unknown because it can only be known after the challenge when the remote side authenticates to Asterisk.

The chan_pjsip module has no option for this, as it always does this - if anonymous is not enabled.

4

@Rynox The OP seems to have got this far before the thread started. His problem is not how to set up a telesales torturer (incidentally tt_ in sound files mean they are for this purpose, and there is other support for this built in), for voice spam, but rather how to handle a legitimate caller, who is being matched on auth username, rather than From user, at the same time, as matching voice spam with anonymous..