[Serusers] authenticating BYE messages

Ticknor.Scott at ic.gc.ca Ticknor.Scott at ic.gc.ca
Mon Mar 29 23:17:26 CEST 2004


my lab partner & i have found that if we sniff an ACK message during call
setup and extract the call tag and id, then we can arbitrarily hang up the
call from our java attack generator. i thought about adding some logic to
ser.cfg to process BYEs. is there an easy way to authenticate the BYE? i
have something like the following in ser.cfg, but it seems to have no effect

if (method=="BYE") {
  if (!check_from()) {
    ...etc
  };
};

thanks, 
scott
DSi




More information about the sr-users mailing list