On Thursday 18 December 2008, Iñaki Baz Castillo wrote:
> Hi, I really wonder how vulnerable a proxy can be for accounting
> purposes (even if I already know it's commonly implemented).
> Theoretically a proxy doesn't need to be dialog aware, it must be
> transaction aware, so when an INVITE/CANCEL/BYE arrives it sends the
> accounting info (for example, using Radius).
>
> Let me explain the following case:
> # Fraudulent BYE !!!
> BYE (CSeq 10) ----------->
> << Acc STOP >>
> BYE (CSeq 10) ----------->
> <-- 500 Req Out of Order
> <-- 500 Req Out of Order
> --------------------------------------------------------------------------
>
> The call hasn't finished, but the proxy has ended the accounting for
> this call since it received a BYE.

If you want to keep doing accounting on the proxy, there are (at least) 2
ways to make this less likely to happen. First, BYE should be
authenticated. Second, you should stop accounting on receiving the
response on the BYE (200 OK) instead of on receipt of the request.

-- 
Kind regards,
Alex Hermann
SpeakUp
T: 088-SPEAKUP (088-7732587)
F: 088-7732588
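
The two accounting policies discussed in this thread, side by side, as an added example that is not part of the original messages or of any proxy's code. It models only the accounting decision; the `Event` fields, the `acc_stop_time` function, the timestamps and all CSeq values other than the quoted BYE's 10 are constructed, and it assumes an unauthenticated BYE can never stop accounting.

```python
from dataclasses import dataclass

@dataclass
class Event:
    t: int                       # seconds since call setup (constructed)
    kind: str                    # "request" or "response"
    method: str                  # request method, or method of the request being answered
    cseq: int                    # CSeq number of the transaction
    status: int = 0              # response status code, 0 for requests
    authenticated: bool = False  # assumption: proxy verified credentials on this request

def acc_stop_time(events, stop_on):
    """Return the time at which the proxy emits Acc STOP, or None.

    stop_on="request": stop as soon as any BYE request is seen (the quoted case).
    stop_on="2xx":     stop only when an authenticated BYE is answered with 2xx.
    """
    pending = {}  # CSeq of a seen BYE -> was that request authenticated?
    for ev in events:
        if ev.method != "BYE":
            continue
        if ev.kind == "request":
            if stop_on == "request":
                return ev.t
            pending[ev.cseq] = ev.authenticated
        else:
            was_authenticated = pending.pop(ev.cseq, False)
            if was_authenticated and 200 <= ev.status < 300:
                return ev.t
    return None

# Constructed call: a forged BYE at t=5 is rejected with 500, the real BYE ends the call at t=600.
CALL = [
    Event(0, "request", "INVITE", 1, authenticated=True),
    Event(2, "response", "INVITE", 1, status=200),
    Event(5, "request", "BYE", 10),                # forged, unauthenticated
    Event(5, "response", "BYE", 10, status=500),   # "500 Req Out of Order"
    Event(600, "request", "BYE", 2, authenticated=True),
    Event(600, "response", "BYE", 2, status=200),
]

if __name__ == "__main__":
    print("stop on BYE request :", acc_stop_time(CALL, "request"))  # billed 5 s
    print("stop on 2xx to BYE  :", acc_stop_time(CALL, "2xx"))      # billed 600 s
```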
