[OpenSIPS-Users] opensips-cp CDR correlation
Dan Pascu
dan at ag-projects.com
Thu Apr 30 02:24:49 CEST 2009
On Thursday 30 April 2009, Iñaki Baz Castillo wrote:
> El Miércoles, 29 de Abril de 2009, Dan Pascu escribió:
>
> > My bad. I was under the impression that we are discussing ways to
prevent
> > a user from hacking a system and getting calls which are free of
charge.
> > In my (limited) knowledge, this only applies to PSTN calls (which have
a
> > fee). Maybe you care to elaborate why do you care for accounting for
free
> > (as in no fee involved) SIP to SIP calls or why would a user be
interested
> > in hijacking a SIP to SIP call that is free of charge?
>
> Again my example:
>
> ------------
> Imagine a company using a hosted virtual PBX solution (the
> proxy/SA/B2BUA has public IP while the phones are behind NAT).
> Imagine the boss wishing to have an accurated log (cdr) of how long
> his employers are speaking between them.
> ------------
>
> I can sure that I do have those kind of clients (or really worse XDDD)
I'm sure there is this kind (and unfortunately not in short supply), but
you do realize that if some employee has a expertise to hack a SIP device
to send abnormal BYE requests that attempt to fake the closing of the SIP
session while preventing the media from closing, he also has the much
simpler expertise to use skype or an un-hacked SIP device with a public,
free, unaccounted SIP service. That boss cannot win this fight, though I
have a feeling he is not willing to listen to reason.
To be honest, I do not think there is an enforceable solution for such a
case. No matter if you use session timers, or even if you use a media
relay, the employees can always chose to use skype or another means to
communicate which goes around the system completely.
--
Dan
More information about the Users
mailing list