On 28/10/16 16:38, Markus wrote:
> I'm using Asterisk2Billing (v2.0.16) and it appears to have an
> annoying bug. When there are rates for e.g. 44 (UK landline) and 44870
> (UK premium) and a fraudster manages to somehow dial 44-870 instead of
> 44870 the rate for 44 will match, not the one for 44870.

44 is *not* UK landline, you shouldn't even have a rate for it. 44 is
the country code. A (very) brief summary is:
441 Landline
442 Landline
443 Landline (at least for billing)
447 Mobile
4470 Personal rate (rarely used, expensive)
44800/8 Freephone
4484/5 Special Services Lower Rate
4487 Special Services Higher Rate
449 Premium rate
Having a correct rates table / normalising and validating your inputs
(as in FILTER) would both have potentially stopped the attack.
Steve
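
The two fixes suggested in the reply above, as an added example that is not part of the original thread and not A2Billing code: digits-only normalisation (the same idea as the dialplan FILTER function) followed by a longest-prefix lookup in a table with no bare 44 entry. The table contents, labels and function names are constructed for illustration.

```python
import re

# Constructed rate table following the prefix summary in the reply above.
# There is deliberately no entry for the bare country code 44.
RATES = {
    "441": "UK landline",
    "442": "UK landline",
    "443": "UK landline",
    "447": "UK mobile",
    "4470": "UK personal rate",
    "44800": "UK freephone",
    "44808": "UK freephone",
    "4484": "UK special services lower rate",
    "4485": "UK special services lower rate",
    "4487": "UK special services higher rate",
    "449": "UK premium rate",
}

# The table described in the original question: a catch-all 44 plus 44870.
NAIVE_RATES = {"44": "UK landline", "44870": "UK premium"}


def normalise(dialed):
    """Keep digits only, so separators such as '-' cannot split a prefix."""
    return re.sub(r"[^0-9]", "", dialed)


def lookup(number, rates):
    """Longest-prefix match. None means no rate exists: refuse the call."""
    for end in range(len(number), 0, -1):
        label = rates.get(number[:end])
        if label is not None:
            return number[:end], label
    return None


def rate_call(dialed, rates=RATES):
    """Normalise first, then rate the cleaned number."""
    return lookup(normalise(dialed), rates)


if __name__ == "__main__":
    # Constructed inputs: raw lookup, normalised lookup, unlisted range.
    print(lookup("44-870123456", NAIVE_RATES))
    print(rate_call("44-870123456"))
    print(rate_call("445551234"))
```

The normalised string must also be the one passed on to the outbound dial, otherwise billing and routing can still disagree about which number was called.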