Hi Mukundu
Please check this part of RFC 3261:

   UAs and proxy servers SHOULD challenge questionable requests with
   only a single 401 (Unauthorized) or 407 (Proxy Authentication
   Required), forgoing the normal response retransmission algorithm, and
   thus behaving statelessly towards unauthenticated requests.
   Retransmitting the 401 (Unauthorized) or 407 (Proxy Authentication
   Required) status response amplifies the problem of an attacker
   using a falsified header field value (such as Via) to direct
   traffic to a third party.

Thanks & Regards
Ankur Bansal
On Wed, Mar 5, 2014 at 7:40 PM, Mukundu Gupta <[email protected]> wrote:
> Hi All,
> Could anyone please help me out on the requested queries below:
>
> 1. How to handle duplicate 407 or 401 messages received.
> 2. How do we identify that the received message is a duplicate message.
> 3. Is there any specification for handling duplicate messages.
>
> The scenario is as follows:
>
> UAC                                         Proxy
> *************************************************
> INVITE --->
>                        <---- 407 for Invite
> INVITE with Auth --->  <---- 407 for Invite (before receiving
>                              INVITE with Auth)
>                        <---- 200 OK
>
> Proxy re-transmits the 407 duplicate message before receiving INVITE with
> Auth.
> UAC received the duplicate 407 response after sending INVITE with 407.
>
>
>
> Thanks,
>
> Gupta
> _______________________________________________
> Sip-implementors mailing list
> [email protected]
> https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
>
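
Added example, not part of the original thread or of any SIP stack: how a UAC can recognise the retransmitted 407 in the scenario above by matching it to the earlier INVITE client transaction (RFC 3261 sections 17.1.3 and 17.1.1.2), so it is absorbed instead of being treated as a new challenge. The class and function names, branch values and sample messages are constructed for illustration.

```python
import re

def txn_key(msg):
    """RFC 3261 17.1.3: a response matches a client transaction on the
    branch of its topmost Via plus the method in CSeq."""
    headers = msg.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    via = next(h for h in headers if h.lower().startswith(("via:", "v:")))
    cseq = next(h for h in headers if h.lower().startswith("cseq:"))
    branch = re.search(r";\s*branch=([^;,\s]+)", via, re.I).group(1)
    return branch, cseq.split(":", 1)[1].split()[1].upper()

class InviteClient:  # hypothetical name; INVITE client transactions only
    def __init__(self):
        self.state = {}  # (branch, method) -> "Calling" | "Completed"

    def sent(self, branch):
        self.state[(branch, "INVITE")] = "Calling"

    def on_response(self, msg):
        status, key = int(msg.split(" ", 2)[1]), txn_key(msg)
        st = self.state.get(key)
        if st is None:
            return "unmatched: pass to UA core"
        if status < 200:
            return "ignore" if st == "Completed" else "provisional: pass to TU"
        if status < 300:
            del self.state[key]          # 2xx ends the INVITE client transaction
            return "2xx: pass to TU"
        if st == "Completed":            # retransmitted 3xx-6xx (e.g. the second 407)
            return "duplicate: resend ACK, do not pass to TU"
        self.state[key] = "Completed"    # held for Timer D (>= 32 s on UDP)
        return "final: send ACK, pass to TU"

def resp(status, reason, branch, cseq):  # constructed sample response
    return (f"SIP/2.0 {status} {reason}\r\n"
            f"Via: SIP/2.0/UDP uac.example.invalid;branch={branch}\r\n"
            f"CSeq: {cseq} INVITE\r\n\r\n")

def demo():
    uac, out = InviteClient(), []
    uac.sent("z9hG4bK-a1")                       # INVITE
    out.append(uac.on_response(resp(407, "Proxy Authentication Required", "z9hG4bK-a1", 1)))
    uac.sent("z9hG4bK-b2")                       # INVITE with Auth: new branch, CSeq 2
    out.append(uac.on_response(resp(407, "Proxy Authentication Required", "z9hG4bK-a1", 1)))
    out.append(uac.on_response(resp(200, "OK", "z9hG4bK-b2", 2)))
    return out

if __name__ == "__main__":
    print("\n".join(demo()))
```

The late 407 carries the branch and CSeq of the first INVITE, so it lands on the transaction that is already in Completed state and never reaches the code that builds credentials.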