[Serusers] difference between callsetup asterisk & ser and related security risks

Arne Van Theemsche arnevt.mailing at evonet.be
Wed Nov 16 14:38:45 CET 2005


Hi,

I've been spending days tcpdumping call setups with ser OR asterisk as 
registrar. This is my conclusion, can somebody confirm this?

On asterisk:
- asterisk maintains 2 independent SIP sessions between 2 clients, where 
asterisk stays the contact in the SIP headers.
After picking up the call, asterisk sends a re-invite in the sip-body 
(address), and remains the contact for SIP messages.
If someone hangs up, asterisk sends a re-invite to the other party, to 
redirect the stream back to asterisk, and then sends the bye to the other 
client (the one who didn't hang up).

On ser:
ser receives the invite, looks up the address of the callee, and sends 
the invite through to the callee. The contact header always stays the 
caller's URI, but ser puts a record-route in the SIP message, so that the 
bye is first sent to the ser machine, and then to the other party.

Am I seeing things correctly here?

What are the pros/contras of both procedures?

IMO the asterisk way gives a lot more overhead, but is more secure (the 2 
clients keep communicating with asterisk, and are unable to fake things 
(or less easily)), whereas a non-compliant client can bypass the 
record-route of ser, and so avoid accounting.

Again, am I correct here?

thx
Arne
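
The accounting gap raised in this message can be checked for in a capture. The following is an added example, not part of the original post or of ser: it learns each dialog's Record-Route set and flags a BYE whose Route header omits a proxy that record-routed the call. It assumes the messages were captured at a point where client-to-client traffic is visible, uses full (not compact) header names, and all hosts, Call-IDs and function names are constructed for illustration.

```python
import re

def parse_sip(raw):
    """Split a SIP message into (start_line, {lowercased header: [values]})."""
    lines = raw.strip().split("\r\n\r\n")[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def uris(values):
    """Extract <sip:...> URIs from header values, dropping URI parameters."""
    return [u.split(";")[0].lower() for v in values for u in re.findall(r"<(sips?:[^>]+)>", v)]

def find_bypassed_byes(messages):
    """Return Call-IDs whose BYE skips a proxy that record-routed the dialog."""
    route_sets, flagged = {}, []
    for raw in messages:
        start, h = parse_sip(raw)
        call_id = h.get("call-id", [""])[0]
        if start.startswith(("INVITE ", "SIP/2.0 200")):
            # Dialog setup: remember every proxy that asked to stay in the path.
            route_sets.setdefault(call_id, set()).update(uris(h.get("record-route", [])))
        elif start.startswith("BYE "):
            # A compliant client copies the route set into Route headers.
            missing = route_sets.get(call_id, set()) - set(uris(h.get("route", [])))
            if missing:
                flagged.append(call_id)
    return flagged

def msg(*lines):
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed sample capture: one compliant dialog, one that bypasses the proxy.
RR = "<sip:proxy.example.com;lr>"
SAMPLE = [
    msg("SIP/2.0 200 OK", "Call-ID: good@example.com",
        "Record-Route: " + RR, "CSeq: 1 INVITE"),
    msg("BYE sip:bob@192.0.2.20 SIP/2.0", "Call-ID: good@example.com",
        "Route: " + RR, "CSeq: 2 BYE"),
    msg("SIP/2.0 200 OK", "Call-ID: bypass@example.com",
        "Record-Route: " + RR, "CSeq: 1 INVITE"),
    msg("BYE sip:bob@192.0.2.20 SIP/2.0", "Call-ID: bypass@example.com",
        "CSeq: 2 BYE"),
]

if __name__ == "__main__":
    print(find_bypassed_byes(SAMPLE))
```
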





