[OpenSIPS-Users] opensips-cp CDR correlation

Dan Pascu dan at ag-projects.com
Thu Apr 30 02:24:49 CEST 2009


On Thursday 30 April 2009, Iñaki Baz Castillo wrote:
> El Miércoles, 29 de Abril de 2009, Dan Pascu escribió:
> 
> > My bad. I was under the impression that we are discussing ways to 
prevent
> > a user from hacking a system and getting calls which are free of 
charge.
> > In my (limited) knowledge, this only applies to PSTN calls (which have 
a
> > fee). Maybe you care to elaborate why do you care for accounting for 
free
> > (as in no fee involved) SIP to SIP calls or why would a user be 
interested
> > in hijacking a SIP to SIP call that is free of charge?
> 
> Again my example:
> 
> ------------
> Imagine a company using a hosted virtual PBX solution (the
> proxy/SA/B2BUA has public IP while the phones are behind NAT).
> Imagine the boss wishing to have an accurated log (cdr) of how long
> his employers are speaking between them.
> ------------
> 
> I can sure that I do have those kind of clients (or really worse XDDD)

I'm sure there is this kind (and unfortunately not in short supply), but 
you do realize that if some employee has a expertise to hack a SIP device 
to send abnormal BYE requests that attempt to fake the closing of the SIP 
session while preventing the media from closing, he also has the much 
simpler expertise to use skype or an un-hacked SIP device with a public, 
free, unaccounted SIP service. That boss cannot win this fight, though I 
have a feeling he is not willing to listen to reason.

To be honest, I do not think there is an enforceable solution for such a 
case. No matter if you use session timers, or even if you use a media 
relay, the employees can always chose to use skype or another means to 
communicate which goes around the system completely.

-- 
Dan



More information about the Users mailing list