[OpenSER-Users] How to avoid malicious BYE that update accounting "StopTime"?
    Iñaki Baz Castillo 
    ibc at aliax.net
       
    Fri Feb  8 21:56:20 CET 2008
    
    
  
El Viernes, 8 de Febrero de 2008, Juha Heinanen escribió:
> Iñaki Baz Castillo writes:
>  > How to avoid it? how to avoid anyone sending a malicious BYE with
>  > From&To tags  and Call-ID from any other already ended call?
>
> if you somehow can get hold of that information regarding a call, it is
> hard to prevent its misuse.  regarding your accounting problem, perhaps
> update is not a good idea and it would be better to store stop records
> separately from start records.
Not necesarialy. With some SQL conditions it's possible to avoid new and 
fraudulent UPDATE's:
First BYE -> STOP action -> SQL query:
  -----------------------------------------------------------
  UPDATE radacct  
  SET   [...] ConnectInfo_stop = ''
   WHERE [...] AND ConnectInfo_stop IS NULL
  -----------------------------------------------------------
Second BYE -> STOP action -> SQL query
  -----------------------------------------------------------
  UPDATE radacct  
  SET   [...] ConnectInfo_stop = ''
   WHERE [...] AND ConnectInfo_stop IS NULL
  -----------------------------------------------------------
The second query has no effect since ConnectInfo_stop is not NULL now.
The above code is already implements in "sql.conf" (at least in CDRTool 
proposed configuration). The issue I have reported occurs when there is not 
the first BYE (UAC crashes). Then MediaProxy sends an UPDATE that doesn't set
  ConnectInfo_stop = ''
(and it shouldn't do it).
So a malicious BYE could arrive much time later and perform succesfully the 
SQL STOP action and increase call duration.
But playing a bit with UPDATE action SQL and STOP action SQL it's possible to 
avoid this issue (in fact I've sent a patch solving it just now).
Best regards.
-- 
Iñaki Baz Castillo
    
    
More information about the Users
mailing list