[OpenSIPS-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?

Iñaki Baz Castillo ibc at aliax.net
Thu Dec 18 11:55:26 CET 2008


Hi, I'm thinking of the following flow in which the caller/attacker
would get an unlimited call (but a limited CDR duration):

--------------------------------------------------------------------------
attacker                     OpenSIPS (Acc)                    gateway

INVITE (CSeq 12)  ------>
<-------- 407 Proxy Auth

INVITE (CSeq 13)  ------>
                                              INVITE (CSeq 13)  ------>
                                              <------------------- 200 Ok
<------------------- 200 Ok
                          << Acc START >>
ACK (CSeq 13) ----------->
                                              ACK (CSeq 13) ----------->

<******************* RTP ************************>

# Fraudulent BYE !!!
BYE (CSeq 10) ----------->
                          << Acc STOP >>
                                              BYE (CSeq 10) ----------->
                                              <-- 500 Req Out of Order
<-- 500 Req Out of Order
--------------------------------------------------------------------------

The call hasn't finished, but OpenSIPS has ended the accounting for
this call since it received a BYE. And this BYE will generate a
correct ACC Stop action (since it matches From_tag, To_tag and
Call-ID).

I think this is *VERY* dangerous and I hope I'm wrong.

Would the dialog module help here? Does the dialog module check the
CSeq of the BYE in some way and could it prevent OpenSIPS from
generating the ACC STOP action? (I don't think so).

Any idea?




-- 
Iñaki Baz Castillo
<ibc at aliax.net>
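
The flow in the message above, replayed through a small Python model (an added example, not part of the original post and not OpenSIPS code): `naive_accounting` stops the CDR on any dialog-matching BYE, while `strict_accounting` ignores a BYE whose CSeq is not higher than the last one seen from the caller and stops only when the BYE is answered with 2xx. Function names, the tuple format and the sample messages are constructed for illustration; the model tracks only caller-side requests in a single dialog whose Call-ID and tags already match.

```python
"""Model of CDR start/stop decisions for one dialog (hypothetical helper names)."""

# Constructed replay of the flow in the post:
# (type, status, CSeq method, CSeq number); status is None for requests.
FLOW = [
    ("req", None, "INVITE", 12), ("resp", 407, "INVITE", 12),
    ("req", None, "INVITE", 13), ("resp", 200, "INVITE", 13),
    ("req", None, "ACK", 13),
    ("req", None, "BYE", 10), ("resp", 500, "BYE", 10),  # out-of-order BYE
]
# Constructed variant: the same call ended by an in-order BYE that the gateway accepts.
LEGIT_END = FLOW[:5] + [("req", None, "BYE", 14), ("resp", 200, "BYE", 14)]


def naive_accounting(flow):
    """Stops the CDR on any BYE request that matches the dialog identifiers."""
    state = "idle"
    for kind, status, method, cseq in flow:
        if kind == "resp" and method == "INVITE" and 200 <= status < 300:
            state = "started"
        elif kind == "req" and method == "BYE" and state == "started":
            state = "stopped"
    return state, []


def strict_accounting(flow):
    """Stops the CDR only when a BYE with an in-order CSeq is answered with 2xx."""
    state, alerts, last_cseq, pending_bye = "idle", [], 0, None
    for kind, status, method, cseq in flow:
        if kind == "req":
            if method == "ACK":          # ACK reuses the INVITE's CSeq number
                continue
            if state == "started" and cseq <= last_cseq:
                alerts.append(f"{method} CSeq {cseq} <= {last_cseq}: out of order")
                continue                 # leave the CDR untouched
            last_cseq = max(last_cseq, cseq)
            if method == "BYE" and state == "started":
                pending_bye = cseq       # wait for the final response
        elif 200 <= status < 300:
            if method == "INVITE" and state == "idle":
                state = "started"
            elif method == "BYE" and cseq == pending_bye:
                state = "stopped"
    return state, alerts
```

On `FLOW` the naive model ends in `stopped` while the call is still up; the strict model stays in `started` and records one alert that can be logged or used to trigger a call teardown.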

