checking from against digest credentials takes first verifying the digest credentials with proxy_authenticate().

Note that this works for single domain. You can't really authenticate a BYE if the party that hangs up is from some other adminsitrative domain.

-jiri

At 11:17 PM 3/29/2004, Ticknor.Scott@ic.gc.ca wrote:

my lab partner & i have found that if we sniff an ACK message during call setup and extract the call tag and id, then we can arbitrarily hang up the call from our java attack generator. i thought about adding some logic to ser.cfg to process BYEs. is there an easy way to authenticate the BYE? i have something like the following in ser.cfg, but it seems to have no effect

if (method=="BYE") { if (!check_from()) { ...etc }; };

thanks, scott DSi

---

Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers

-- Jiri Kuthan http://iptel.org/~jiri/