[Kamailio-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?
miconda at gmail.com
Sun Dec 21 09:02:18 CET 2008
On 12/20/08 17:19, Juha Heinanen wrote:
> Daniel-Constantin Mierla writes:
> > I believe in this cases an important aspect is to be sure you can
> > identify the attacker. It is hard to prevent all people can think of,
> > but when detecting one case, being able to get the guilty is very
> > important. Also, at that time, you can add the logic to prevent further
> > exposure to same attack.
> this sounds like the ever lasting story of fixing security holes in
> internet explorer.
> i don't think it is a vice path to take.
> better to proxy all media if accounting cannot be done in the
> gateways. and then we have reinvented pstn ...
you are right with media based session and calls to gateways, but
sometime could be the case of accounting other types of sessions/sip
messages. When the value is transmitted via signaling, that has to be
stored somehow, b2bua is ultimate solution and the safest.
More information about the Users