[Asterisk-Dev] Security issue mumblings
Kevin P. Fleming
kpfleming at digium.com
Mon Nov 7 07:44:46 MST 2005
Tilghman Lesher wrote:
> In terms of SIP, the modification might be as simple as never sending
> an ACK to a 200, thereby never notifying the remote end that the
> answer is confirmed. How that violation of the SIP spec is handled is
> obviously implementation-defined.
Bingo! The apparent situation is that some softswitches don't start the
billing for the call until the ACK is received.
More information about the asterisk-dev
mailing list