[Kamailio-Users] Accounting: How to avoid a fraudulent BYE with lower CSeq?

Daniel-Constantin Mierla miconda at gmail.com
Thu Jan 8 15:16:04 CET 2009


On 01/07/2009 10:54 AM, Iñaki Baz Castillo wrote:
> 2009/1/7 Jiri Kuthan <jiri at iptel.org>:
>   
>> There are way too many ways how routing logic can be confused to bypass
>> admission control. Poisoning user loc, having a DNS name or ENUM entry
>> to point to a gateway (scripting fails to see it as PSTN target and
>> may skip PSTN ACLs), etc. A good thing to do is to use onsend_route
>> and check if someone is trying to use a gateway whilst a call is not
>> being recognized as to a gateway.
>>     
>
> True. I implemented it with OpenSer address blacklists (containing the
> gateways' IPs). I just disable this blacklist when a call goes to a
> PSTN (I decide it by examining the RURI). In case a user is
> registered with a spoofed Contact like:
>   Contact: sip:+12345678@FACKED_DOMAIN_POINTING_TO_GW
> then a call to this user will be rejected since the resolved
> destination IP would match the blacklist.
>   
This falls into the same race as reliability (how many 9s?!?!).
Questions like how secure the service is and how accurate the
accounting is are answered with the same phrase: how much do you want
to invest?

Probably you will never think of all the cases that can occur. It is
very important to account for everything that happens on your platform
and to be able to recover when local accounting records do not match
what you get from your PSTN termination providers. Then you can
correlate CDRs and bill the user properly.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
http://www.asipto.com
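
Added example, not part of the original message and not Kamailio code: a sketch of the CDR correlation described above, matching local accounting records against provider CDRs to flag calls the provider billed that local accounting missed or closed early. The field names, sample records and tolerances are constructed assumptions; matching is on caller, callee and start time because a provider CDR is assumed not to carry the SIP Call-ID.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data; field names are hypothetical, not a Kamailio acc schema.
LOCAL_CDRS = [
    {"call_id": "a1", "caller": "+15550101", "callee": "+15550901", "start": "2009-01-07 10:00:05", "duration": 62},
    {"call_id": "a2", "caller": "+15550102", "callee": "+15550902", "start": "2009-01-07 10:05:00", "duration": 4},
    {"call_id": "a3", "caller": "+15550103", "callee": "+15550903", "start": "2009-01-07 10:20:00", "duration": 30},
]
PROVIDER_CDRS = [
    {"id": "p1", "caller": "+15550101", "callee": "+15550901", "start": "2009-01-07 10:00:06", "duration": 61},
    {"id": "p2", "caller": "+15550102", "callee": "+15550902", "start": "2009-01-07 10:05:01", "duration": 1800},
    {"id": "p3", "caller": "+15550199", "callee": "+15550999", "start": "2009-01-07 10:10:00", "duration": 300},
]

def _gap(a, b):
    """Absolute difference in seconds between two records' start times."""
    return abs((datetime.strptime(a["start"], FMT) - datetime.strptime(b["start"], FMT)).total_seconds())

def reconcile(local, provider, skew_s=5, tol_s=2):
    """Return findings as (kind, provider_id, local_call_id, seconds)."""
    unused, findings = list(local), []
    for p in provider:
        # Candidates: same caller and callee, start times within the allowed clock skew.
        cands = [l for l in unused
                 if (l["caller"], l["callee"]) == (p["caller"], p["callee"]) and _gap(l, p) <= skew_s]
        if not cands:
            # The provider billed a call that local accounting never saw.
            findings.append(("unaccounted", p["id"], None, p["duration"]))
            continue
        match = min(cands, key=lambda l: _gap(l, p))
        unused.remove(match)
        if p["duration"] - match["duration"] > tol_s:
            # Local accounting stopped before the provider saw the call end.
            findings.append(("short_local", p["id"], match["call_id"], p["duration"]))
    # Local records with no provider counterpart (call may not have reached the PSTN).
    findings += [("local_only", None, l["call_id"], l["duration"]) for l in unused]
    return findings

if __name__ == "__main__":
    for finding in reconcile(LOCAL_CDRS, PROVIDER_CDRS):
        print(finding)
```

The "short_local" and "unaccounted" findings carry the provider's duration, which is the figure to bill or dispute once the records have been correlated.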
