[OpenSIPS-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?

Jiri Kuthan jiri at iptel.org
Wed Jan 7 02:25:47 CET 2009


Authentication does not actually provide value here. Dialog would not
either, since the same trick can be achieved, for example, by a low
Max-Forwards. IMO the proper choice is accounting from the gateway, which
provides the actual service. A proxy can only provide an approximation,
which is inherently, to some extent, more error-prone than the box doing
the actual job.

-jiri

Bogdan-Andrei Iancu wrote:
> Hi Iñaki,
> 
> Have you considered requesting auth for the BYE? From a SIP point of view 
> it is perfectly valid....
> 
> Regards,
> Bogdan
> 
> Iñaki Baz Castillo wrote:
>> Hi, I'm thinking of the following flow, in which the caller/attacker
>> would get an unlimited call (but a limited CDR duration):
>>
>> --------------------------------------------------------------------------
>> attacker                     OpenSIPS (Acc)                    gateway
>>
>> INVITE (CSeq 12)  ------>
>> <-------- 407 Proxy Auth
>>
>> INVITE (CSeq 13)  ------>
>>                                               INVITE (CSeq 13)  ------>
>>                                               <------------------- 200 Ok
>> <------------------- 200 Ok
>>                           << Acc START >>
>> ACK (CSeq 13) ----------->
>>                                               ACK (CSeq 13) ----------->
>>
>> <******************* RTP ************************>
>>
>> # Fraudulent BYE !!!
>> BYE (CSeq 10) ----------->
>>                           << Acc STOP >>
>>                                               BYE (CSeq 10) ----------->
>>                                               <-- 500 Req Out of Order
>> <-- 500 Req Out of Order
>> --------------------------------------------------------------------------
>>
>> The call hasn't finished, but OpenSIPS has ended the accounting for
>> this call since it received a BYE. And this BYE will generate a
>> correct ACC Stop action (since it matches From_tag, To_tag and
>> Call-ID).
>>
>> I think this is *VERY* dangerous and I hope I'm wrong.
>>
>> Would the dialog module help here? Does the dialog module check the
>> CSeq of the BYE in some way, and could it prevent OpenSIPS from
>> generating the ACC STOP action? (I don't think so.)
>>
>> Any idea?
>>
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> 