[Serusers] authenticating BYE messages
Jiri Kuthan
jiri at iptel.org
Tue Mar 30 06:57:23 CEST 2004
checking from against digest credentials takes first verifying the
digest credentials with proxy_authenticate().
Note that this works for single domain. You can't really authenticate
a BYE if the party that hangs up is from some other adminsitrative
domain.
-jiri
At 11:17 PM 3/29/2004, Ticknor.Scott at ic.gc.ca wrote:
>my lab partner & i have found that if we sniff an ACK message during call
>setup and extract the call tag and id, then we can arbitrarily hang up the
>call from our java attack generator. i thought about adding some logic to
>ser.cfg to process BYEs. is there an easy way to authenticate the BYE? i
>have something like the following in ser.cfg, but it seems to have no effect
>
>if (method=="BYE") {
> if (!check_from()) {
> ...etc
> };
>};
>
>thanks,
>scott
>DSi
>
>_______________________________________________
>Serusers mailing list
>serusers at lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
--
Jiri Kuthan http://iptel.org/~jiri/
More information about the sr-users
mailing list