Jinsong Hu wrote:
Hi,
One of the biggest problem with VOIP service is how to defend against
unlimited usage. openning the SIP to an end user is pretty scary thing as
the following 3 things could happen:
1. people uses the same username/password for multiple phone. This is
addressed by one discussion thread in this mailing list, basically,
forwarding the traffic to the last registered AOR using
modparam("usrloc", "desc_time_order", 1)
modparam("registrar", "append_branches", 0)
you can also use
http://www.kamailio.org/docs/modules/1.5.x/registrar.html#id2530309
with the flag 0x04
But this limits only the number of registered user. By default, also
unregistered clients can perform calls.
To allow only calls from registered clients you can verify the caller
against
http://www.kamailio.org/docs/modules/1.5.x/registrar.html#id2530856
see examples at:
http://openser.blogspot.com/2008/10/registrar-enhancements.html
2. people can use a single username/password , but
uses it as a trunk, so
they run multiple channels of voice call . With this they can run up
thousands of dollars of bills on the kamailio owner. There are suggestion
that we use dialog module to limit it. However no sample code is given.
this is a sample code I googled:
if ( avp_check("$DLG_count", "gt/i:10") ) {
sl_send_reply("403","no more calls accepted");
exit;
}
but looks DLG_count is a global variable. Does any body have a better
example ?
3. even if with single channel of communication, if somebody still run the
channel in a shared environment, in theory, they can call 60*24*30
minutes=43200 minutes a month. take a cheap wholesale cost of 1 cent per
minute, this will run to $432 per month for the kamailio owner. there is no
way a voip operator can charge $432 for a user in current market. so most of
the carrier will limit
monthly usage to 2500 minutes per month. I searched kamailio modules, I
can't find any easy way
to do it. does anybody have a good solution ?
This is something the SIP proxy can not prevent. The SIP proxy is just
the "switch". You further need a billing system which rates the calls
and also - if a user exceeds a certain limit - locks the user's account.
And for every call setup, the SIP proxy does not only verify the
password, but also "asks" the billing system if the user is allowed to
perform phone calls.
regards
klaus
Jimmy.
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users