[OpenSIPS-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?

Dan Pascu dan at ag-projects.com
Wed Jan 7 14:35:50 CET 2009


On Wednesday 07 January 2009, Iñaki Baz Castillo wrote:
> 2009/1/7 Dan Pascu <dan at ag-projects.com>:
> > On Wednesday 07 January 2009, Iñaki Baz Castillo wrote:
> >> 2009/1/7 Dan Pascu <dan at ag-projects.com>:
> >> > But then I can send one with the proper ruri, but a different
> >> > route set that puts me in the front of the gateway, so when I
> >> > receive the BYE, instead of forwarding it to the gateway as the
> >> > route set requests, I reply myself with a 200 OK making it look
> >> > like it came from the gateway.
> >>
> >> This could be avoiding by examinating the $dd value. If it's set it
> >> means that a Route header exists, so we could reject the BYE. But
> >> this would break a complex scenario with varios sequential proxies
> >> doing loose-routing.
> >
> > You can't. I can build a reply that looks genuine. All I have to do
> > is place myself between the proxy and the gateway in the route set
> > and if the proxy doesn't disallow the modified route set it can't
> > tell who gave the 200 OK to the BYE.
>
> But I mean that the proxy would reject the BYE if it contains a route
> set after the proxy does loose-routing, so the only valid destination
> is the RURI (and the proxy can check if the RURI is the gateway).

Why would I do that? I commonly have cases where between the UAC and the 
gateway I have more than 1 proxy in the path. Then again, as I said, if 
you go to check the route set, you're less a proxy and more a b2bua. A 
pure proxy should simply honor the route set and send to the next hop.

-- 
Dan



More information about the Users mailing list