[Kamailio-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?

Klaus Darilion klaus.mailinglists at pernau.at
Tue Dec 23 09:26:39 CET 2008



Juha Heinanen schrieb:
> Iñaki Baz Castillo writes:
> 
>  > - alice sends this BYE:
>  > 
>  >   BYE sip:PSTN_NUMBER at PSTN_GATEWAY SIP/2.0
>  >   Route: <sip:PROXY_IP>
>  >   Route: <sip:alice at ALICE_PHONE_IP>
> 
> in this particular case, you could call to_gw() and find out that
> request is going to gw and, if so, drop the request it is has more than
> one route header (the one for the proxy itself).

Not sure if this is enough - the attacker could omit the Route header 
pointing to the proxy. Maybe the check should use $dd which is set if 
another Route header is present.

regard
klaus




More information about the Users mailing list