Re: [Serusers] Trusted IP and security.

Date: Tue, 1 Feb 2005 15:18:10 -0500 From: Tom Lowe <tom(a)comprotech.com> To: serusers(a)lists.iptel.org Subject: [Serusers] Trusted IP and security. Hi all. I have a "security" question regarding "trusted IP's". Is it possible for someone to SUCCESSFULLY spoof an IP and actually make working calls? For example, '10.10.10.10' sends calls to SER (or any other proxy server) at 20.20.20.20, but actually spoofs the IP by sending an IP address of 30.30.30.30, which happens to be trusted by the SER at 20.20.20.20. I ask because I'm having a discussion with a vendor who is trying to tell me that using trusted IP's for SIP validation is insecure and easily hacked. I don't think it is because when SER gets an INVITE from 30.30.30.30, it is going to send it's progress messages to 30.30.30.30, regardless of the contents of the SIP messages....so the spoofer at 10.10.10.10 won't get any of the progress messages, and more importantly won't be able to establish a talk path. I suspect he may still cause SER to initiate some brief outbound calls, but they should fail when the SIP protocol falls apart. Does anyone have any thoughts on this? Tom _______________________________________________ Serusers mailing list serusers(a)lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers