protocolssipvoipsip-serverjain-sip

Is it necessary to get authorization for de register also?


I am working with SIP.Currently I am seing a scenario in which a register with Expires header value 0 is going to the server.The server gives a 401 unauthorized and the phone sends a register again .This time also the register goes with the expires value 0 but with a digest authentication header.
My doubt is that is this a proper behavior by the server to challenge the deregister?
Note:As far as I know the register with a Expires 0 is a deregister.


Solution

  • Server can challenge any request and quite possibly challenge is issued before even looking in request content (e.g. message is passed to module that is able to interpret it). Challenging unregistration may prevent some kind of DoS attack with spoofed REGISTER requests.