[OpenSER-Users] How to avoid malicious BYE that update accounting "StopTime"?
Jiri Kuthan
jiri at iptel.org
Sun Feb 10 21:46:12 CET 2008
At 18:39 08/02/2008, Alex Balashov wrote:
>On Fri, February 8, 2008 11:17 am, Iñaki Baz Castillo wrote:
>
>> - But now imagine that user B sends a BYE after 2 hours using the same
>> From&To tags and Call-ID. This is terrible!!! OpenSer will notify a
>> "Stop" action
>
>Why would it do that? Call-IDs are supposed to be GUIDs (Globally Unique
>Identifiers) and never reused. You shouldn't really be seeing collisions
>of them on a UA that properly implements the generation algorithm for them
>and fulfills the requirements of the RFC on this point.
You should not, but you do.
Anyhow, I think the confusion is of architectural nature here. IMO, usage-based
charging if placed anywhere than in the place where the charged service is actually
produced and not in a proxy to it, which may not have accurate information. I.e.,
put CDR stuff in PSTN gateway.
-jiri
--
Jiri Kuthan http://iptel.org/~jiri/
More information about the Users
mailing list