[OpenSER-Users] How to avoid malicious BYE that update accounting "StopTime"?

Jiri Kuthan jiri at iptel.org
Sun Feb 10 21:46:12 CET 2008


At 18:39 08/02/2008, Alex Balashov wrote:

>On Fri, February 8, 2008 11:17 am, Iñaki Baz Castillo wrote:
>
>> - But now imagine that user B sends a BYE after 2 hours using the same
>> From&To tags and Call-ID. This is terrible!!!  OpenSer will notify a
>> "Stop" action
>
>Why would it do that?  Call-IDs are supposed to be GUIDs (Globally Unique
>Identifiers) and never reused.  You shouldn't really be seeing collisions
>of them on a UA that properly implements the generation algorithm for them
>and fulfills the requirements of the RFC on this point.

You should not, but you do.

Anyhow, I think the confusion is of architectural nature here. IMO, usage-based 
charging if placed anywhere than in the place where the charged service is actually
produced and not in a proxy to it, which may not have accurate information. I.e.,
put CDR stuff in PSTN gateway.

-jiri



--
Jiri Kuthan            http://iptel.org/~jiri/





More information about the Users mailing list