IMHO, OpenSER should act on the UPDATE from mediaproxy and kill the dialog by initiating a BYE. But, it is just a proxy and cannot initiate requests, so, the accounting software should watchout for those events and consider only the first "Stop Billing" event and ignore the rest. <br>
<br>Sri.<br><br><br><div class="gmail_quote">On Feb 8, 2008 11:28 AM, Norman Brandinger <<a href="mailto:norm@goes.com">norm@goes.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Perhaps modifying the RADIUS update query so that acctstoptime = 0<br>before an update is allowed would help. Using the alternate update<br>query you could log malicious update attempts.<br><br>Norm<br><div class="Ih2E3d">
<br>Dan-Cristian Bogos wrote:<br>> Hi Iņaki,<br>><br>> I would blame the ua sending the false BYE. Usually the BYE packets<br>> must be authenticated, therefore coming from a trusted source.<br>><br>> DanB<br>
><br>> On Feb 8, 2008 5:17 PM, Iņaki Baz Castillo <<a href="mailto:ibc@in.ilimit.es">ibc@in.ilimit.es</a><br></div><div class="Ih2E3d">> <mailto:<a href="mailto:ibc@in.ilimit.es">ibc@in.ilimit.es</a>>> wrote:<br>
><br>> Hi, I use radius accounting with MySQL backend and MediaProxy (to<br>> make fix<br>> accounting when there is no BYE).<br>><br>> Imagine this scenario:<br>><br>> - A calls B. This produces a "Start" acc action, so a SQL INSERT.<br>
><br>> - After 1 minute A crashes (no BYE sent and RTP stop).<br>><br>> - After 20 secs with no RTP MediaProxy sends an "Update" action to<br>> radius<br>> server. This generates a SQL UPDATE that sets the StopTime. So<br>
> finally the<br>> call duration is 80 secs (OK).<br>><br>> - But now imagine that user B sends a BYE after 2 hours using the<br>> same From&To<br>> tags and Call-ID. This is terrible!!! OpenSer will notify a<br>
> "Stop" action to<br>> radius server which will do a new SQL UPDATE query setting the<br>> StopTime to<br>> 7201 secs !!!!<br>><br>> How to avoid it? how to avoid anyone sending a malicious BYE with<br>
> From&To tags<br>> and Call-ID from any other already ended call?<br>><br>> --<br>> Iņaki Baz Castillo<br></div>> <a href="mailto:ibc@in.ilimit.es">ibc@in.ilimit.es</a> <mailto:<a href="mailto:ibc@in.ilimit.es">ibc@in.ilimit.es</a>><br>
><br>> _______________________________________________<br>> Users mailing list<br>> <a href="mailto:Users@lists.openser.org">Users@lists.openser.org</a> <mailto:<a href="mailto:Users@lists.openser.org">Users@lists.openser.org</a>><br>
<div class="Ih2E3d">> <a href="http://lists.openser.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.openser.org/cgi-bin/mailman/listinfo/users</a><br>><br>><br></div>> ------------------------------------------------------------------------<br>
<div><div></div><div class="Wj3C7c">><br>> _______________________________________________<br>> Users mailing list<br>> <a href="mailto:Users@lists.openser.org">Users@lists.openser.org</a><br>> <a href="http://lists.openser.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.openser.org/cgi-bin/mailman/listinfo/users</a><br>
><br><br><br>_______________________________________________<br>Users mailing list<br><a href="mailto:Users@lists.openser.org">Users@lists.openser.org</a><br><a href="http://lists.openser.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.openser.org/cgi-bin/mailman/listinfo/users</a><br>
</div></div></blockquote></div><br>