[SR-Users] ACC module and BYE attacks

Alex Balashov abalashov at evaristesys.com
Tue Nov 1 07:54:05 CET 2016


On 11/01/2016 02:43 AM, Gholamreza Sabery wrote:

> If you enable acc module to log CDR data into a database a user can send
> an infinite number of BYE requests to the server and all of them will be
> logged into the database as "481 Call/transaction does not exist"! How
> can we prevent this?

Don't do accounting for BYEs if they don't correspond to a tracked 
dialog, or add a composote unique constraint on Call-ID + some other 
column in your database to prevent the insertion of additional events.

-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 (direct) / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/



More information about the sr-users mailing list