[OpenSER-Users] How to avoid malicious BYE that update accounting "StopTime"?

Norman Brandinger norm at goes.com
Fri Feb 8 17:28:40 CET 2008


Perhaps modifying the RADIUS update query so that acctstoptime = 0 
before an update is allowed would help.  Using the alternate update 
query you could log malicious update attempts.

Norm

Dan-Cristian Bogos wrote:
> Hi Iñaki,
>
> I would blame the ua sending the false BYE. Usually the BYE packets 
> must be authenticated, therefore coming from a trusted source.
>
> DanB
>
> On Feb 8, 2008 5:17 PM, Iñaki Baz Castillo <ibc at in.ilimit.es 
> <mailto:ibc at in.ilimit.es>> wrote:
>
>     Hi, I use radius accounting with MySQL backend and MediaProxy (to
>     make fix
>     accounting when there is no BYE).
>
>     Imagine this scenario:
>
>     - A calls B. This produces a "Start" acc action, so a SQL INSERT.
>
>     - After 1 minute A crashes (no BYE sent and RTP stop).
>
>     - After 20 secs with no RTP MediaProxy sends an "Update" action to
>     radius
>     server. This generates a SQL UPDATE that sets the StopTime. So
>     finally the
>     call duration is 80 secs (OK).
>
>     - But now imagine that user B sends a BYE after 2 hours using the
>     same From&To
>     tags and Call-ID. This is terrible!!!  OpenSer will notify a
>     "Stop" action to
>     radius server which will do a new SQL UPDATE query setting the
>     StopTime to
>     7201 secs !!!!
>
>     How to avoid it? how to avoid anyone sending a malicious BYE with
>     From&To tags
>     and Call-ID from any other already ended call?
>
>     --
>     Iñaki Baz Castillo
>     ibc at in.ilimit.es <mailto:ibc at in.ilimit.es>
>
>     _______________________________________________
>     Users mailing list
>     Users at lists.openser.org <mailto:Users at lists.openser.org>
>     http://lists.openser.org/cgi-bin/mailman/listinfo/users
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>   





More information about the Users mailing list