Robert Dyck writes:
Speaking of Twinkle, that is the UA I was referring to in my previous post on this thread. During a re-INVITE it does not return an Record-Route list with its 200 OK. This does not violate the spec but it causes inter-working problems with asterisk because asterisk appears to create an empty route set and the ACK will not find its way.
instead of making a workaround in twinkle, i would suggest that asterisk folks fix their sip implementation.
by the way, someone recently posted to this list a reference to a french sip vulnerability report and suggested that openser should do something about it. after reading the report, i got an impression that the attack described in it only works if a sip ua responds directly to a re-invite instead of sticking to its original route set. based on what you describe in above, looks like asterisk may be hit also by this attack.
-- juha