[OpenSIPS-Users] opensips-cp CDR correlation
Dan Pascu
dan at ag-projects.com
Wed Apr 29 13:38:46 CEST 2009
On Wednesday 29 April 2009, Iñaki Baz Castillo wrote:
> Whenever I hear "billing in a proxy" I must show an example attack:
>
> Phone1 Proxy Phone2
>
> INVITE CSeq:1 -----> --------------->
> <------------------- <-------- 200 OK
> ACK CSeq:1 --------> --------------->
>
> <################ RTP ##############>
>
> BYE CSeq:1 --------> --------------->
> [ ACC DONE ]
> <------------------- <-- 400 Bad CSeq
>
> ( audio remains )
>
>
>
> For "fixing" this issue, the proxy could generate the accounting just
> after receiving the 200 OK for a BYE. But then we can also play with an
> infinite possibility of spoofed "Route"/"RURI" headers so the BYE is
> sent and received by the attacker itself, who replies 200 for the BYE
> (but it maintains the RTP session with Phone2/Gateway).
You can always put a media relay in the media path, which means that when
a BYE is received the media path is interrupted, making any Route/RURI
scheme pointless.
--
Dan
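
The following is an added example, not part of the original thread or of OpenSIPS: a detection sketch that correlates the proxy's accounting stop (the BYE) with the BYE reply code and with RTP activity, covering both cases in the quoted message. The event tuple layout, the 2-second grace period and the call IDs are assumptions; RTP timestamps are assumed to come from a vantage point that sees media, such as a media relay.

```python
GRACE = 2.0  # seconds of in-flight RTP tolerated after a BYE (assumed value)

# Constructed sample events: (time, call_id, kind, detail)
EVENTS = [
    # a1: normal teardown, BYE answered 200, no media afterwards
    (99.9, "a1", "RTP", None), (100.0, "a1", "BYE", None),
    (100.1, "a1", "BYE_REPLY", 200),
    # b2: accounting done on BYE, callee rejects it, audio remains
    (200.0, "b2", "BYE", None), (200.1, "b2", "BYE_REPLY", 400),
    (230.0, "b2", "RTP", None),
    # c3: BYE answered 200 (never reached the callee), audio remains
    (300.0, "c3", "BYE", None), (300.1, "c3", "BYE_REPLY", 200),
    (340.0, "c3", "RTP", None),
]

def find_suspect_calls(events, grace=GRACE):
    """Return {call_id: [reasons]} for calls whose accounting stopped
    on a BYE that was rejected or that did not end the media."""
    stop, reply, last_rtp = {}, {}, {}
    for ts, call_id, kind, detail in sorted(events, key=lambda e: e[0]):
        if kind == "BYE":
            stop.setdefault(call_id, ts)   # first BYE = accounting stop
        elif kind == "BYE_REPLY":
            reply[call_id] = detail        # final reply code for the BYE
        elif kind == "RTP":
            last_rtp[call_id] = ts         # most recent media observation
    suspects = {}
    for call_id, t_stop in stop.items():
        reasons = []
        code = reply.get(call_id)
        if code is not None and code >= 300:
            reasons.append(f"BYE rejected with {code}")
        if last_rtp.get(call_id, 0.0) > t_stop + grace:
            reasons.append(f"RTP {last_rtp[call_id] - t_stop:.0f}s after BYE")
        if reasons:
            suspects[call_id] = reasons
    return suspects

if __name__ == "__main__":
    for call_id, why in find_suspect_calls(EVENTS).items():
        print(call_id, "; ".join(why))
```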