[OpenSER-Users] How to avoid malicious BYE that update accounting "StopTime"?
Dan-Cristian Bogos
danb.lists at googlemail.com
Fri Feb 8 17:24:45 CET 2008
Hi Iñaki,
I would blame the ua sending the false BYE. Usually the BYE packets must be
authenticated, therefore coming from a trusted source.
DanB
On Feb 8, 2008 5:17 PM, Iñaki Baz Castillo <ibc at in.ilimit.es> wrote:
> Hi, I use radius accounting with MySQL backend and MediaProxy (to make fix
> accounting when there is no BYE).
>
> Imagine this scenario:
>
> - A calls B. This produces a "Start" acc action, so a SQL INSERT.
>
> - After 1 minute A crashes (no BYE sent and RTP stop).
>
> - After 20 secs with no RTP MediaProxy sends an "Update" action to radius
> server. This generates a SQL UPDATE that sets the StopTime. So finally the
> call duration is 80 secs (OK).
>
> - But now imagine that user B sends a BYE after 2 hours using the same
> From&To
> tags and Call-ID. This is terrible!!! OpenSer will notify a "Stop" action
> to
> radius server which will do a new SQL UPDATE query setting the StopTime to
> 7201 secs !!!!
>
> How to avoid it? how to avoid anyone sending a malicious BYE with From&To
> tags
> and Call-ID from any other already ended call?
>
> --
> Iñaki Baz Castillo
> ibc at in.ilimit.es
>
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20080208/8adafb02/attachment.htm>
More information about the sr-users
mailing list