[OpenSIPS-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?

Bogdan-Andrei Iancu bogdan at voice-system.ro
Fri Dec 19 18:10:06 CET 2008


Victor Pascual Ávila wrote:
> On Fri, Dec 19, 2008 at 3:22 PM, Bogdan-Andrei Iancu
> <bogdan at voice-system.ro> wrote:
>   
>> Hi Iñaki,
>>
>> Have you consider requesting auth for the BYE ? from SIP point of view
>> is perfectly valid....
>>     
>
> I'm afraid this would only prevent external attackers but does not
> protect you from your own customers-- guys who have the credentials
> and wanna call for free
>   

I guess you are refering to attacks like sending to proxy BYEs with RURI 
or Route info pointing somewhere else than the GW and the proxy will 
record end of call, but the GW does not actually receive a BYE.

Is this correct?

Regads,
Bogdan



More information about the Users mailing list