[OpenSIPS-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Fri Jan 9 13:14:48 CET 2009
I think the problem is mainly in detecting the bogus BYEs, rather than
what to do about.
Indeed, the dialog module can provide a lot of information that helps
with the detection. And not only in the trivial case of Cseq number,
but also monitoring if the direction where the BYE is received & sent
matches with the one stored in dialog (at invite time).
Regards,
Bogdan
Victor Pascual Ávila wrote:
> On Wed, Jan 7, 2009 at 11:58 AM, Adrian Georgescu <ag at ag-projects.com> wrote:
>
>> The dialog module could eventually be used to detect out of sync Cseq and
>> take decision to terminate the call. Is this feasible?
>>
>
> Correct me if I'm wrong, but in that case it'd be easier to
> reject/drop the BYE request.
>
> -Victor
>
>
>> Adrian
>> On Dec 19, 2008, at 3:59 PM, Victor Pascual Ávila wrote:
>>
>> On Fri, Dec 19, 2008 at 3:22 PM, Bogdan-Andrei Iancu
>> <bogdan at voice-system.ro> wrote:
>>
>> Hi Iñaki,
>>
>> Have you consider requesting auth for the BYE ? from SIP point of view
>>
>> is perfectly valid....
>>
>> I'm afraid this would only prevent external attackers but does not
>> protect you from your own customers-- guys who have the credentials
>> and wanna call for free.
>>
>> Cheers,
>> --
>> Victor Pascual Ávila
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
>
>
>
More information about the Users
mailing list