On Wednesday 07 January 2009, Iñaki Baz Castillo wrote: > 2009/1/7 Dan Pascu <[email protected]>: > > But then I can send one with the proper ruri, but a different route > > set that puts me in the front of the gateway, so when I receive the > > BYE, instead of forwarding it to the gateway as the route set > > requests, I reply myself with a 200 OK making it look like it came > > from the gateway. > > This could be avoiding by examinating the $dd value. If it's set it > means that a Route header exists, so we could reject the BYE. But this > would break a complex scenario with varios sequential proxies doing > loose-routing.
You can't. I can build a reply that looks genuine. All I have to do is place myself between the proxy and the gateway in the route set and if the proxy doesn't disallow the modified route set it can't tell who gave the 200 OK to the BYE. > > In the end it means, the proxy will have to verify everything (dialog > > identification elements, cseq, ruri, route set) to avoid fraud and > > also wait for a 200 OK, which makes it look more like a b2bua after > > all > > So the conclusion is: a secure CDR system can be only achieved in a > B2BUA between the proxy and the gateway. Is it? Not necessarily. See my other email about proxy generated BYEs or using mediaproxy to break the media path. -- Dan _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
