Re: [OpenSER-Users] How to avoid malicious BYE that update accounting "StopTime"?

On Friday 08 February 2008 17:24:45 Dan-Cristian Bogos wrote:

Hi Iñaki,

I would blame the ua sending the false BYE. Usually the BYE packets must be authenticated, therefore coming from a trusted source.

Do you suggest to ask digest auth for BYE's? what about if I call to an external user?

By using inter-peers relationships (TLS, trusted IP's) is not a solution. Imagine 2 providers (P1 and P2) and 2 users (A user of P1 and B user of P2):

- A user and calls PSTN 1234.

- P1 does a ENUM query that resolves to B@P2.

- The INVITE arrives to P2 which forwards it to B location.

- Call ends.

- After 2 weeks B sends a malicious BYE which will arrive to P1 and UPDATE accounting !!!!