[Serusers] authenticating BYE messages
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Mar 30 10:55:37 CEST 2004
You can disable UDP - that prevents from faked messages, but causes lots
of interoperability problems.
klaus
Ticknor.Scott at ic.gc.ca wrote:
> my lab partner & i have found that if we sniff an ACK message during call
> setup and extract the call tag and id, then we can arbitrarily hang up the
> call from our java attack generator. i thought about adding some logic to
> ser.cfg to process BYEs. is there an easy way to authenticate the BYE? i
> have something like the following in ser.cfg, but it seems to have no effect
>
> if (method=="BYE") {
> if (!check_from()) {
> ...etc
> };
> };
>
> thanks,
> scott
> DSi
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list