[OpenSIPS-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?

Iñaki Baz Castillo ibc at aliax.net
Thu Dec 18 12:39:24 CET 2008


2008/12/18 Iñaki Baz Castillo <ibc at aliax.net>:
> The call hasn't finished, but OpenSIPS has ended the accounting for
> this call since it received a BYE. And this BYE will generate a
> correct ACC Stop action (since it matches From_tag, To_tag and
> Call-ID).
>
> I think this is *VERY* dangerous and I hope I'm wrong.
>
> Would the dialog module help here? Does the dialog module check the
> CSeq of the BYE in some way and could it prevent OpenSIPS from
> generating the ACC STOP action? (I don't think so).


I've also asked in SIP-implementors and an idea could be generating
the ACC STOP action when receiving the 200 OK for the BYE (and not
when receiving the BYE itself). Of course this will be valid when the
gateway is the recipient of the BYE (and we know the gateway is not an
"attacker"), but this is not valid when the recipient of the BYE is a
user since it could send no reply for the BYE.

The only solution I see is:

- Using the dialog module, OpenSIPS should check the CSeq value in the BYE.
  1) OpenSIPS should forward the BYE only if the CSeq is higher
     than the actual CSeq for this dialog direction.
  2) OpenSIPS should generate the ACC STOP action only if the
     CSeq is higher than the actual CSeq for this dialog direction.

Both 1) and 2) are needed since a gateway could accept a BYE with
wrong CSeq. In this case the call is ended but the accounting STOP
action doesn't exist (infinite call).


But I think this is too complex, isn't it?



-- 
Iñaki Baz Castillo
<ibc at aliax.net>
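
The per-direction CSeq check proposed in this message, sketched as an added example (not code from the post or from OpenSIPS): a stale BYE is neither forwarded nor accounted, so points 1) and 2) are decided together. All function names, the in-memory dialog table and the sample requests are assumptions made for illustration.

```python
# Added example; all names are hypothetical, not the OpenSIPS dialog module API.
dialogs = {}  # (Call-ID, frozenset of both tags) -> {"cseq": {from_tag: n}, "stopped": bool}

def parse(raw):
    """Split a raw SIP request into (method, lower-cased header dict)."""
    lines = raw.strip().splitlines()
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        hdrs[name.strip().lower()] = value.strip()
    return lines[0].split()[0], hdrs

def tag_of(value):
    """Extract the tag parameter that follows the URI in From/To."""
    for param in value.rpartition(">")[2].split(";"):
        key, _, val = param.strip().partition("=")
        if key.lower() == "tag":
            return val
    return ""

def confirm_dialog(call_id, caller_tag, callee_tag, invite_cseq):
    """Record the dialog when the 200 OK for the INVITE passes through."""
    key = (call_id, frozenset((caller_tag, callee_tag)))
    dialogs[key] = {"cseq": {caller_tag: invite_cseq}, "stopped": False}

def on_request(raw):
    """Return 'forward', 'forward+acc_stop' or 'reject' for an in-dialog request."""
    method, h = parse(raw)
    from_tag, to_tag = tag_of(h["from"]), tag_of(h["to"])
    dlg = dialogs.get((h["call-id"], frozenset((from_tag, to_tag))))
    if dlg is None:
        return "reject"  # matches no tracked dialog
    if method == "ACK":
        return "forward"  # ACK reuses the INVITE's CSeq number
    cseq = int(h["cseq"].split()[0])
    if cseq <= dlg["cseq"].get(from_tag, -1):
        return "reject"  # stale CSeq: not forwarded, no ACC STOP
    dlg["cseq"][from_tag] = cseq
    if method == "BYE" and not dlg["stopped"]:
        dlg["stopped"] = True
        return "forward+acc_stop"
    return "forward"

def msg(method, cseq, from_tag="a1", to_tag="b2"):
    """Constructed sample request for dialog c1@example.test."""
    return (f"{method} sip:gw@example.test SIP/2.0\r\n"
            f"From: <sip:alice@example.test>;tag={from_tag}\r\n"
            f"To: <sip:gw@example.test>;tag={to_tag}\r\n"
            f"Call-ID: c1@example.test\r\nCSeq: {cseq} {method}\r\n")
```

After `confirm_dialog("c1@example.test", "a1", "b2", 10)`, `on_request(msg("BYE", 5))` is rejected while `on_request(msg("BYE", 12))` is forwarded with the ACC STOP. The first request seen from the callee side is accepted with any CSeq, because the sketch has no earlier value for that direction.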

