Perhaps modifying the RADIUS update query so that acctstoptime = 0 before an update is allowed would help. Using the alternate update query you could log malicious update attempts.
Norm Dan-Cristian Bogos wrote: > Hi Iñaki, > > I would blame the ua sending the false BYE. Usually the BYE packets > must be authenticated, therefore coming from a trusted source. > > DanB > > On Feb 8, 2008 5:17 PM, Iñaki Baz Castillo <[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>> wrote: > > Hi, I use radius accounting with MySQL backend and MediaProxy (to > make fix > accounting when there is no BYE). > > Imagine this scenario: > > - A calls B. This produces a "Start" acc action, so a SQL INSERT. > > - After 1 minute A crashes (no BYE sent and RTP stop). > > - After 20 secs with no RTP MediaProxy sends an "Update" action to > radius > server. This generates a SQL UPDATE that sets the StopTime. So > finally the > call duration is 80 secs (OK). > > - But now imagine that user B sends a BYE after 2 hours using the > same From&To > tags and Call-ID. This is terrible!!! OpenSer will notify a > "Stop" action to > radius server which will do a new SQL UPDATE query setting the > StopTime to > 7201 secs !!!! > > How to avoid it? how to avoid anyone sending a malicious BYE with > From&To tags > and Call-ID from any other already ended call? > > -- > Iñaki Baz Castillo > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > _______________________________________________ > Users mailing list > [email protected] <mailto:[email protected]> > http://lists.openser.org/cgi-bin/mailman/listinfo/users > > > ------------------------------------------------------------------------ > > _______________________________________________ > Users mailing list > [email protected] > http://lists.openser.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.openser.org/cgi-bin/mailman/listinfo/users
