[Kamailio-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?

Iñaki Baz Castillo ibc at aliax.net
Wed Jan 7 09:54:08 CET 2009


2009/1/7 Jiri Kuthan <jiri at iptel.org>:
> there are way too many ways how routing logic can be confused to bypass
> admission control. poisoning user loc, having a DNS name or ENUM entry
> to point to a gateway (scripting fails to see it as PSTN target and
> may skip PSTN ACLs), etc. a good thing to do is to use onsend_route
> and check if someone is trying to use a gateway whilst a call is not
> being recognized as to a gateway.

True. I implemented it with OpenSer address blacklists (containing the
gateways' IPs). I just disable this blacklist when a call goes to a
PSTN (I decide it by examining the RURI). In case a user is
registered with a spoofed Contact like:
  Contact: sip:+12345678@FACKED_DOMAIN_POINTING_TO_GW
then a call to this user will be rejected since the resolved
destination IP would match the blacklist.

Regards.

-- 
Iñaki Baz Castillo
<ibc at aliax.net>
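
The check described in this message, modelled in Python as an added example (not code from the post and not OpenSer/Kamailio configuration). The gateway addresses, host names, the PSTN pattern and the function names are all constructed assumptions, and DNS is replaced by a fixed table so the model runs offline.

```python
import ipaddress
import re

# Constructed sample data (assumptions, not taken from the post).
GATEWAY_NETS = [ipaddress.ip_network("198.51.100.10/32"),
                ipaddress.ip_network("198.51.100.11/32")]
# Stand-in for DNS resolution; a real proxy resolves the next hop itself.
CONSTRUCTED_DNS = {
    "gw1.provider.example": "198.51.100.10",
    "fake-gw.attacker.example": "198.51.100.10",  # name pointed at the gateway
    "ua.customer.example": "203.0.113.25",
}
# Hypothetical rule for "this call goes to the PSTN": numeric user part.
PSTN_RURI = re.compile(r"^sip:\+?\d+@")

def is_pstn_call(received_ruri):
    """Decide on the Request-URI as received, before any location lookup."""
    return PSTN_RURI.match(received_ruri) is not None

def resolve(uri):
    """Return the IP the request would be sent to (IPv4 literals and names only)."""
    host = uri.split("@", 1)[1].split(";", 1)[0].split(":", 1)[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return ipaddress.ip_address(CONSTRUCTED_DNS[host])

def hits_gateway(ip):
    return any(ip in net for net in GATEWAY_NETS)

def admit(received_ruri, next_hop_uri):
    """Gateway blacklist stays active unless the call was classified as PSTN.

    received_ruri: Request-URI the proxy received (drives PSTN ACLs elsewhere).
    next_hop_uri:  URI the request is about to be sent to, e.g. a registered
                   Contact after the location lookup.
    """
    if is_pstn_call(received_ruri):
        return True   # blacklist disabled; PSTN admission control applies
    return not hits_gateway(resolve(next_hop_uri))

if __name__ == "__main__":
    print(admit("sip:+34911234567@provider.example",
                "sip:+34911234567@gw1.provider.example"))   # PSTN call
    print(admit("sip:alice@provider.example",
                "sip:+12345678@fake-gw.attacker.example"))  # spoofed Contact
```

The classification uses only the received Request-URI, so a numeric user part in a registered Contact does not switch the blacklist off.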

