[OpenSER-Users] How to avoid malicious BYE that update accounting "StopTime"?
Norman Brandinger
norm at goes.com
Fri Feb 8 17:28:40 CET 2008
Perhaps modifying the RADIUS update query so that acctstoptime = 0
before an update is allowed would help. Using the alternate update
query you could log malicious update attempts.
Norm
Dan-Cristian Bogos wrote:
> Hi Iñaki,
>
> I would blame the UA sending the false BYE. Usually the BYE packets
> must be authenticated, therefore coming from a trusted source.
>
> DanB
>
> On Feb 8, 2008 5:17 PM, Iñaki Baz Castillo <ibc at in.ilimit.es> wrote:
>
> Hi, I use radius accounting with MySQL backend and MediaProxy (to fix
> accounting when there is no BYE).
>
> Imagine this scenario:
>
> - A calls B. This produces a "Start" acc action, so a SQL INSERT.
>
> - After 1 minute A crashes (no BYE sent and RTP stops).
>
> - After 20 secs with no RTP MediaProxy sends an "Update" action to radius
> server. This generates a SQL UPDATE that sets the StopTime. So finally the
> call duration is 80 secs (OK).
>
> - But now imagine that user B sends a BYE after 2 hours using the same
> From&To tags and Call-ID. This is terrible!!! OpenSer will notify a "Stop"
> action to radius server which will do a new SQL UPDATE query setting the
> StopTime to 7201 secs !!!!
>
> How to avoid it? How to avoid anyone sending a malicious BYE with From&To
> tags and Call-ID from any other already ended call?
>
> --
> Iñaki Baz Castillo
> ibc at in.ilimit.es
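The guarded update suggested in the reply above, as an added example that is not part of the original message or of any poster's configuration: the stop time is written only while it is still 0, and an alternate query records any attempt that matched no row. Assumptions: SQLite stands in for the MySQL backend, the table and column names are hypothetical, and the Python fallback stands in for the RADIUS server running its alternate query.

```python
import sqlite3

# Hypothetical minimal schema; a real radacct table has many more columns.
SCHEMA = """
CREATE TABLE radacct (acctuniqueid TEXT PRIMARY KEY, acctstarttime INTEGER,
                      acctstoptime INTEGER NOT NULL DEFAULT 0);
CREATE TABLE acct_rejected (acctuniqueid TEXT, event TEXT, claimed_stop INTEGER);
"""

# Primary query: only closes a record whose stop time is still unset (0).
GUARDED_STOP = """UPDATE radacct SET acctstoptime = ?
                  WHERE acctuniqueid = ? AND acctstoptime = 0"""
# Alternate query: used when the primary matched no row; records the attempt.
LOG_REJECTED = "INSERT INTO acct_rejected VALUES (?, ?, ?)"


def start(db, call_id, t):
    """'Start' action: open the accounting record with stop time 0."""
    db.execute("INSERT INTO radacct (acctuniqueid, acctstarttime) VALUES (?, ?)",
               (call_id, t))


def close_call(db, call_id, event, t):
    """Apply an Update/Stop event; return True only if it set the stop time."""
    cur = db.execute(GUARDED_STOP, (t, call_id))
    if cur.rowcount == 1:
        return True
    # Record already closed (or unknown): keep the row intact, log the attempt.
    db.execute(LOG_REJECTED, (call_id, event, t))
    return False


def replay_thread_scenario():
    """Constructed events matching the scenario in the quoted message."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    call = "callid-fromtag-totag"                 # constructed dialog identifier
    start(db, call, 0)                            # A calls B
    first = close_call(db, call, "Update", 80)    # MediaProxy: 60 s + 20 s no RTP
    late = close_call(db, call, "Stop", 7201)     # BYE replayed 2 hours later
    stop = db.execute("SELECT acctstoptime FROM radacct").fetchone()[0]
    rejected = db.execute("SELECT * FROM acct_rejected").fetchall()
    return first, late, stop, rejected


if __name__ == "__main__":
    print(replay_thread_scenario())
```

The same guard also turns away a legitimate late Stop, so the rejected-attempts table is worth reviewing rather than only alerting on.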