[OpenSIPS-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?

Bogdan-Andrei Iancu bogdan at voice-system.ro
Fri Dec 19 15:22:18 CET 2008


Hi Iñaki,

Have you considered requesting auth for the BYE? From the SIP point of view
it is perfectly valid....

Regards,
Bogdan

Iñaki Baz Castillo wrote:
> Hi, I'm thinking of the following flow, in which the caller/attacker
> would get an unlimited call (but a limited CDR duration):
>
> --------------------------------------------------------------------------
> attacker                     OpenSIPS (Acc)                    gateway
>
> INVITE (CSeq 12)  ------>
> <-------- 407 Proxy Auth
>
> INVITE (CSeq 13)  ------>
>                                               INVITE (CSeq 13)  ------>
>                                               <------------------- 200 Ok
> <------------------- 200 Ok
>                           << Acc START >>
> ACK (CSeq 13) ----------->
>                                               ACK (CSeq 13) ----------->
>
> <******************* RTP ************************>
>
> # Fraudulent BYE !!!
> BYE (CSeq 10) ----------->
>                           << Acc STOP >>
>                                               BYE (CSeq 10) ----------->
>                                               <-- 500 Req Out of Order
> <-- 500 Req Out of Order
> --------------------------------------------------------------------------
>
> The call hasn't finished, but OpenSIPS has ended the accounting for
> this call since it received a BYE. And this BYE will generate a
> correct ACC Stop action (since it matches From_tag, To_tag and
> Call-ID).
>
> I think this is *VERY* dangerous and I hope I'm wrong.
>
> Would the dialog module help here? Does the dialog module check the
> CSeq of the BYE in some way, and could it prevent OpenSIPS from
> generating the ACC STOP action? (I don't think so.)
>
> Any idea?
>
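The flow quoted above, replayed in a small dialog-state model. This is an added example, not code from the OpenSIPS project or from either poster: it contrasts the behaviour Iñaki describes (any BYE whose Call-ID and tags match closes the CDR) with a hardened policy that rejects an in-dialog request whose CSeq is lower than the last one seen from that party (the 500 "out of order" response from RFC 3261 section 12.2.2, which the gateway in the trace already sends) and closes the CDR only once the BYE gets a 2xx from the far end. All Call-IDs, tags and CSeq values are constructed for the demo.

```python
"""Added example, not OpenSIPS code: dialog tracking for the BYE/CSeq case.

Two accounting policies are modelled for a proxy that has opened a CDR on the
200 OK to an INVITE:
  * naive  - stop accounting on any BYE that matches Call-ID + both tags
             (the behaviour described in the thread);
  * strict - enforce per-party CSeq ordering (RFC 3261 12.2.2: a lower CSeq
             than the last one seen is rejected with 500) and stop accounting
             only when the far end answers the BYE with a 2xx.
All message values below are constructed.
"""

from dataclasses import dataclass, field


@dataclass
class Dialog:
    call_id: str
    tags: frozenset                                  # {from-tag, to-tag}
    last_cseq: dict = field(default_factory=dict)    # party -> highest CSeq seen
    pending_bye: dict = field(default_factory=dict)  # party -> BYE CSeq awaiting 2xx
    acc_started: bool = False
    acc_stopped: bool = False


def matches(dialog, msg):
    """Dialog matching as the thread describes it: Call-ID plus both tags."""
    return (msg["call_id"] == dialog.call_id
            and frozenset((msg["from_tag"], msg["to_tag"])) == dialog.tags)


def naive_on_bye(dialog, msg):
    """Thread's behaviour: a matching BYE closes the CDR at once."""
    if not matches(dialog, msg):
        return "481 Call/Transaction Does Not Exist"
    dialog.acc_stopped = True
    return "ACC STOP"


def strict_on_request(dialog, msg):
    """Hardened: check CSeq order before acting on any in-dialog request."""
    if not matches(dialog, msg):
        return "481 Call/Transaction Does Not Exist"
    party, cseq = msg["sender"], msg["cseq"]
    # RFC 3261 12.2.2: equal is allowed (ACK/CANCEL reuse the INVITE CSeq),
    # lower is out of order and must be rejected; the CDR stays open.
    if cseq < dialog.last_cseq.get(party, 0):
        return "500 Server Internal Error"
    dialog.last_cseq[party] = cseq
    if msg["method"] == "BYE":
        dialog.pending_bye[party] = cseq  # decide on the far end's answer
        return "FORWARD BYE"
    return "FORWARD"


def strict_on_response(dialog, party, cseq, status):
    """Hardened: close the CDR only when the pending BYE is answered 2xx."""
    if dialog.pending_bye.get(party) != cseq:
        return "RELAY"
    del dialog.pending_bye[party]
    if 200 <= status < 300:
        dialog.acc_stopped = True
        return "ACC STOP"
    return "RELAY"  # e.g. 500 Req Out of Order: call and CDR continue


def _established_dialog():
    """Constructed state after INVITE (CSeq 13) / 200 OK / ACK (CSeq 13)."""
    d = Dialog(call_id="c1@example.invalid", tags=frozenset({"ft", "tt"}))
    d.last_cseq["caller"] = 13
    d.acc_started = True  # << Acc START >> on the 200 OK to the INVITE
    return d


def replay_fraud(policy):
    """Caller sends BYE with CSeq 10 (< 13). Returns (proxy action, CDR closed?)."""
    d = _established_dialog()
    bye = {"call_id": d.call_id, "from_tag": "ft", "to_tag": "tt",
           "sender": "caller", "method": "BYE", "cseq": 10}
    action = naive_on_bye(d, bye) if policy == "naive" else strict_on_request(d, bye)
    return action, d.acc_stopped


def replay_legit():
    """Caller sends BYE with CSeq 14, gateway answers 200 OK (strict policy)."""
    d = _established_dialog()
    bye = {"call_id": d.call_id, "from_tag": "ft", "to_tag": "tt",
           "sender": "caller", "method": "BYE", "cseq": 14}
    strict_on_request(d, bye)
    action = strict_on_response(d, "caller", 14, 200)
    return action, d.acc_stopped


if __name__ == "__main__":
    print("naive, BYE CSeq 10 :", replay_fraud("naive"))
    print("strict, BYE CSeq 10:", replay_fraud("strict"))
    print("strict, BYE CSeq 14:", replay_legit())
```

The CSeq check is independent of authentication: it also covers the case in the trace, where the BYE comes from the already-authenticated caller rather than from a third party. Tying ACC STOP to the 2xx for the BYE is the simpler safeguard on its own, since a BYE the gateway rejects with 500 then never closes the CDR.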