[OpenSIPS-Users] opensips-cp CDR correlation
Iñaki Baz Castillo
ibc at aliax.net
Wed Apr 29 09:31:03 CEST 2009
El Miércoles, 29 de Abril de 2009, Bogdan-Andrei Iancu escribió:
> > Shouldn't that ordering at the end be DESC instead of ASC.. point is,
> > don't you want the absolute FIRST invite per callid and the absolute
> > last BYE per callid? (sure there shouldn't be much after the FIRST
> > BYE, but still..)
>
> but "ORDER BY time ASC" will take the BYE with the smallest timestamp ->
> the first BYE received, which should be correct IMO, as the call will be
> terminated by the first BYE....or I'm missing something in what you are
> saying?
Always I hear "billing in a proxy" I must to show an example attack:
Phone1 Proxy Phone2
INVITE CSeq:1 -----> --------------->
<------------------- <-------- 200 OK
ACK CSeq:1 --------> --------------->
<################ RTP ##############>
BYE CSeq:1 --------> --------------->
[ ACC DONE ]
<------------------- <-- 400 Bad CSeq
( audio remains )
For "fixing" this issue, the proxy could generate the accounting just after
receiving the 200 OK for a BYE. But then we can also play with an infinite
possibility of spoofed "Route"/"RURI" headers so the BYE is send and received
by the attacker itself, who replies 200 for the BYE (but it mantains the RTP
session with Phone2/Gateway.
--
Iñaki Baz Castillo <ibc at aliax.net>
More information about the Users
mailing list