[OpenSIPS-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Fri Dec 19 18:10:06 CET 2008
Victor Pascual Ávila wrote:
> On Fri, Dec 19, 2008 at 3:22 PM, Bogdan-Andrei Iancu
> <bogdan at voice-system.ro> wrote:
>
>> Hi Iñaki,
>>
>> Have you consider requesting auth for the BYE ? from SIP point of view
>> is perfectly valid....
>>
>
> I'm afraid this would only prevent external attackers but does not
> protect you from your own customers-- guys who have the credentials
> and wanna call for free
>
I guess you are refering to attacks like sending to proxy BYEs with RURI
or Route info pointing somewhere else than the GW and the proxy will
record end of call, but the GW does not actually receive a BYE.
Is this correct?
Regads,
Bogdan
More information about the Users
mailing list