On 01/07/2009 10:54 AM, Iñaki Baz Castillo wrote:
> 2009/1/7 Jiri Kuthan <jiri(a)iptel.org>:
>> there are way too many ways how routing logic can be confused to bypass
>> admission control. poisoning user loc, having a DNS name or ENUM entry
>> to point to a gateway (scripting fails to see it as PSTN target and
>> may skip PSTN ACLs), etc. a good thing to do is to use onsend_route
>> and check if someone is trying to use a gateway whilst a call is not
>> being recognized as to a gateway.
>
> True. I implemented it with OpenSer address blacklists (containing the
> gateways' IPs). I just disable this blacklist when a call goes to a
> PSTN (I decide it by examining the RURI). In case a user is
> registered with a spoofed Contact like:
>
>   Contact: sip:+12345678@FACKED_DOMAIN_POINTING_TO_GW
>
> then a call to this user will be rejected since the resolved
> destination IP would match the blacklist.

This is falling in the same race as reliability (how many 9s?!?!).
Questions like how secure is the service and how accurate is the
accounting are answered with the same phrase: how much do you want to invest?

Probably you will never think of all cases that can occur. It is very
important to account for everything that goes on on your platform and to be
able to recover when local accounting records do not match what you get
from your PSTN termination providers. Then you can correlate CDRs and
bill the user properly.

Cheers,
Daniel
--
Daniel-Constantin Mierla
http://www.asipto.com
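
The send-time check discussed in this thread, modelled in Python as an added example (not code from the thread or from OpenSER). The gateway addresses, the local domain, the E.164 RURI test and the constructed resolver and location tables are all assumptions made for illustration.

```python
import ipaddress
import re

# Assumed PSTN gateway addresses (documentation range, constructed).
GATEWAYS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}
# Constructed stand-in for DNS/ENUM resolution so the example runs offline.
RESOLVER = {
    "gw1.provider.example": "192.0.2.10",
    "innocent-looking.example": "192.0.2.11",  # name that points at a gateway
    "uac.customer.example": "198.51.100.7",
}
# Constructed user location table; the second Contact is the spoofed kind.
LOCATION = {
    "sip:alice@sip.example.net": "sip:alice@uac.customer.example",
    "sip:mallory@sip.example.net": "sip:+12345678@innocent-looking.example",
}
LOCAL_DOMAINS = {"sip.example.net"}  # assumption: domains served by this proxy
PSTN_RURI = re.compile(r"^sip:\+?\d{6,15}@([^;>]+)")

def is_pstn_request(dialed_ruri):
    """Admission decision taken on the dialed RURI, before any lookup."""
    m = PSTN_RURI.match(dialed_ruri)
    return bool(m) and m.group(1) in LOCAL_DOMAINS

def resolve(uri):
    """Return the IP the message would be sent to (IPv4 literal or known name)."""
    host = re.sub(r"^sips?:(?:[^@]*@)?", "", uri).split(";")[0].split(":")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return ipaddress.ip_address(RESOLVER[host])

def onsend_check(pstn_flag, next_hop_uri):
    """Last check before sending: a gateway may only be reached by a PSTN call."""
    if resolve(next_hop_uri) in GATEWAYS and not pstn_flag:
        return "reject"
    return "send"

def route(dialed_ruri, location=LOCATION):
    pstn = is_pstn_request(dialed_ruri)
    if pstn:  # passed PSTN ACLs, forwarded to the gateway on purpose
        number = dialed_ruri.split(":")[1].split("@")[0]
        target = "sip:%s@gw1.provider.example" % number
    else:     # user-to-user call: destination comes from the location table
        target = location.get(dialed_ruri, dialed_ruri)
    return onsend_check(pstn, target)
```

The decision is made on the resolved IP rather than on the URI text, so it does not depend on the routing logic having recognised the destination name as a gateway.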