Hi all.
I have a "security" question regarding "trusted IP's". Is it
possible
for someone to SUCCESSFULLY spoof an IP and actually make working calls?
For example, '10.10.10.10' sends calls to SER (or any other proxy
server) at 20.20.20.20, but actually spoofs the IP by sending an IP
address of 30.30.30.30, which happens to be trusted by the SER at
20.20.20.20.
I ask because I'm having a discussion with a vendor who is trying to
tell me that using trusted IP's for SIP validation is insecure and
easily hacked. I don't think it is because when SER gets an INVITE from
30.30.30.30, it is going to send it's progress messages to 30.30.30.30,
regardless of the contents of the SIP messages....so the spoofer at
10.10.10.10 won't get any of the progress messages, and more importantly
won't be able to establish a talk path. I suspect he may still cause
SER to initiate some brief outbound calls, but they should fail when the
SIP protocol falls apart.
Does anyone have any thoughts on this?
Tom