Jinsong Hu wrote:
Hi, One of the biggest problem with VOIP service is how to defend against unlimited usage. openning the SIP to an end user is pretty scary thing as the following 3 things could happen:
- people uses the same username/password for multiple phone. This is
addressed by one discussion thread in this mailing list, basically, forwarding the traffic to the last registered AOR using
modparam("usrloc", "desc_time_order", 1) modparam("registrar", "append_branches", 0)
you can also use http://www.kamailio.org/docs/modules/1.5.x/registrar.html#id2530309 with the flag 0x04
But this limits only the number of registered user. By default, also unregistered clients can perform calls.
To allow only calls from registered clients you can verify the caller against http://www.kamailio.org/docs/modules/1.5.x/registrar.html#id2530856
see examples at: http://openser.blogspot.com/2008/10/registrar-enhancements.html
- people can use a single username/password , but uses it as a trunk, so
they run multiple channels of voice call . With this they can run up thousands of dollars of bills on the kamailio owner. There are suggestion that we use dialog module to limit it. However no sample code is given. this is a sample code I googled: if ( avp_check("$DLG_count", "gt/i:10") ) { sl_send_reply("403","no more calls accepted"); exit; } but looks DLG_count is a global variable. Does any body have a better example ?
- even if with single channel of communication, if somebody still run the
channel in a shared environment, in theory, they can call 60*24*30 minutes=43200 minutes a month. take a cheap wholesale cost of 1 cent per minute, this will run to $432 per month for the kamailio owner. there is no way a voip operator can charge $432 for a user in current market. so most of the carrier will limit monthly usage to 2500 minutes per month. I searched kamailio modules, I can't find any easy way to do it. does anybody have a good solution ?
This is something the SIP proxy can not prevent. The SIP proxy is just the "switch". You further need a billing system which rates the calls and also - if a user exceeds a certain limit - locks the user's account. And for every call setup, the SIP proxy does not only verify the password, but also "asks" the billing system if the user is allowed to perform phone calls.
regards klaus
Jimmy.
Kamailio (OpenSER) - Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users http://lists.openser-project.org/cgi-bin/mailman/listinfo/users