[OpenSIPS-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?
Victor Pascual Ávila
victor.pascual.avila at gmail.com
Sat Dec 20 10:33:49 CET 2008
On Fri, Dec 19, 2008 at 6:10 PM, Bogdan-Andrei Iancu
<bogdan at voice-system.ro> wrote:
> Victor Pascual Ávila wrote:
>>
>> On Fri, Dec 19, 2008 at 3:22 PM, Bogdan-Andrei Iancu
>> <bogdan at voice-system.ro> wrote:
>>
>>>
>>> Hi Iñaki,
>>>
>>> Have you consider requesting auth for the BYE ? from SIP point of view
>>> is perfectly valid....
>>>
>>
>> I'm afraid this would only prevent external attackers but does not
>> protect you from your own customers-- guys who have the credentials
>> and wanna call for free
>>
>
> I guess you are refering to attacks like sending to proxy BYEs with RURI or
> Route info pointing somewhere else than the GW and the proxy will record end
> of call, but the GW does not actually receive a BYE.
>
> Is this correct?
Yes, indeed
--
Victor Pascual Ávila
More information about the Users
mailing list