2009/4/29 Alex Balashov <abalas...@evaristesys.com>:
> That is a very good point.
>
> Do you know how the ACC module in Kamailio determines whether to stamp a CDR
> as finished?  Is it vulnerable to this attack?

Kamailio/OpenSIPS has a "dialog" module, but it remains a proxy,
so for now it doesn't check such things as the correct CSeq value and
so on.
So yes, they are vulnerable to this simple attack.


> I would have assumed it is tied to the dialog state and that ACC states are
> tethered to dialog module callbacks programmatically. But I am not sure.

Acc has nothing to do with "dialog" module (at least for now).

You could configure Kamailio/OpenSIPS to acc the BYE when the 200 OK
arrives (instead of immediately after the BYE), but what if the
gateway is down, so an internal 408 is received?
Also, the attacker could send a spoofed BYE with the Route or RURI
pointing to himself, so he *himself* will receive his own BYE and will
reply 200 (acc done in the proxy). Of course the attacker doesn't end
the RTP session with the gateway, which didn't receive this BYE.

Any required improvement for the "dialog" module in a proxy will turn
it into a B2BUA; it's the only solution for reliable SIP
accounting.


-- 
Iñaki Baz Castillo
<i...@aliax.net>

_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
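
The consistency checks the message says a proxy does not perform on an in-dialog BYE (CSeq value, Route and Request-URI against the dialog's state), as an added example that is not part of the original post or of Kamailio/OpenSIPS code. The `Dialog` fields, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Dialog:               # hypothetical per-call state held by the accounting element
    call_id: str
    tags: tuple             # (caller From-tag, callee To-tag)
    last_cseq: int          # highest CSeq number seen from the caller
    remote_target: str      # callee Contact URI learned at call setup
    route_set: tuple        # Route URIs the caller must use inside the dialog

def parse_request(raw):     # -> (method, request_uri, headers); Route values kept in order
    lines = raw.strip().splitlines()
    method, ruri, _version = lines[0].split(" ", 2)
    hdrs = {"route": []}
    for line in lines[1:]:
        if ":" not in line:          # blank line ends the headers
            break
        name, value = (part.strip() for part in line.split(":", 1))
        if name.lower() == "route":
            hdrs["route"] += [u.strip().strip("<>") for u in value.split(",")]
        else:
            hdrs[name.lower()] = value
    return method, ruri, hdrs

def tag_of(value):
    m = re.search(r";tag=([^;\s>]+)", value)
    return m.group(1) if m else None

def check_bye(dlg, raw):
    """Return the reasons a BYE is inconsistent with the dialog (empty = consistent)."""
    _method, ruri, h = parse_request(raw)
    reasons = []
    if (h.get("call-id"), tag_of(h.get("from", "")), tag_of(h.get("to", ""))) != (dlg.call_id, *dlg.tags):
        reasons.append("dialog identifiers do not match")
    if int(h.get("cseq", "0 BYE").split()[0]) <= dlg.last_cseq:
        reasons.append("CSeq not higher than the last request in the dialog")
    if ruri != dlg.remote_target:
        reasons.append("Request-URI is not the callee's remote target")
    if tuple(h["route"]) != dlg.route_set:
        reasons.append("Route set differs from the dialog's")
    return reasons

# Constructed sample data (documentation addresses), not taken from the thread.
DLG = Dialog("c1@198.51.100.7", ("a1", "b2"), 2, "sip:gw@192.0.2.10:5060", ("sip:192.0.2.1;lr",))
GOOD_BYE = ("BYE sip:gw@192.0.2.10:5060 SIP/2.0\nRoute: <sip:192.0.2.1;lr>\n"
            "From: <sip:alice@example.test>;tag=a1\nTo: <sip:+100@example.test>;tag=b2\n"
            "Call-ID: c1@198.51.100.7\nCSeq: 3 BYE\n\n")
SPOOFED_BYE = GOOD_BYE.replace("sip:gw@192.0.2.10:5060", "sip:x@198.51.100.7").replace("CSeq: 3", "CSeq: 1")
```

These checks only flag a BYE that disagrees with the stored dialog state, so accounting can stay open for it; they do not cover the gateway-down 408 case raised in the message.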
