Hi guys,
What do you think about the RFC 5393 on loop detection and
amplification attack protection?
The RFC is short and still a proposed standard but don't you
think it could be useful to prevent loop and amplification
attack? Because even if the max-forward field reduces the loop
to ~70 hosts (in most cases) with some techniques we could fork
the message up to 2^70 messages (as described in the RFC) to
crash the servers.
Basically the server has to do 2 things:
* check if it is not already in the via of the message
* the previous check is not enough as a B2BUA could have replace
the via headers, so the RFC introduces a new field called
max-breadth to limit the forking.
I have not seen a lot of implementation of this RFC on the free
SIP software and I think it could be a good way to improve
kamailio making a module for it (the easier way to implement
this feature I think).
In fact I'm in a research internship about VoIP security and I
have time to develop such a module for kamailio if you think
it's a good idea (I'm looking for some security improvements in
free software solutions so if you have other idea don't hesitate
to tell me).
Cheers,
Tetram
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users