I would answer do not account on a non-dialog aware proxy..... 2008/12/18 Iñaki Baz Castillo <i...@aliax.net>
> Hi, I really wonder how vulnerable can be a proxy for accounting > purposes (even if I already know it's commonly implemented). > Theorically a proxy doesn't need to be dialog aware, it must be > transaction aware, so when an INVITE/CANCEL/BYE arrives it sends the > accounting info (for example, using Radius). > > Let me explain the following case: > > > -------------------------------------------------------------------------- > alice proxy (Acc) gateway > > INVITE (CSeq 12) ------> > <-------- 407 Proxy Auth > > INVITE (CSeq 13) ------> > INVITE (CSeq 13) ------> > <------------------- 200 Ok > <------------------- 200 Ok > << Acc START >> > ACK (CSeq 13) -----------> > ACK (CSeq 13) -----------> > > <******************* RTP ************************> > > # Fraudulent BYE !!! > BYE (CSeq 10) -----------> > << Acc STOP >> > BYE (CSeq 10) -----------> > <-- 500 Req Out of Order > <-- 500 Req Out of Order > -------------------------------------------------------------------------- > > The call hasn't finished, but the proxy has ended the accounting for > this call since it received a BYE. > > So, the caller/attacker just needs to send a BYE with lower CSeq (or > the same as the last in-dialog request) so the UAS will ignore it (500 > "Request Out Of Order"). But since the proxy doesn't know about > dialogs, it will perform the Acc STOP action for that call (From_tag, > To_tag, Call-ID). > > > How could a non dialog awareness proxy solve it? > > > -- > Iñaki Baz Castillo > <i...@aliax.net> > > _______________________________________________ > Sip-implementors mailing list > Sip-implementors@lists.cs.columbia.edu > https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list Sip-implementors@lists.cs.columbia.edu https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
