but as mitnick showed us, sequence numbers can also be guessed :-)...or should I say calculated, especially on some OS whos randomness is pretty poor.
As for using trusted IP, well not a good idea, look at IP packet if you change the route path, you could get the return message to be routed via your untrusted IP address, hence in theory u could listen: get the RTP stream, lookup source routing in IP packets,
Iqbal
Klaus Darilion wrote:
I wouldn't do that with UDP - although the spoofer can not receive your responses, it can send an INVITE which will setup a call (which might cost $$$$).
using TCP is safer as for setting up the handshake also sequence number guessing is necessary.
regards klaus
Tom Lowe wrote:
Hi all.
I have a "security" question regarding "trusted IP's". Is it possible for someone to SUCCESSFULLY spoof an IP and actually make working calls?
For example, '10.10.10.10' sends calls to SER (or any other proxy server) at 20.20.20.20, but actually spoofs the IP by sending an IP address of 30.30.30.30, which happens to be trusted by the SER at 20.20.20.20.
I ask because I'm having a discussion with a vendor who is trying to tell me that using trusted IP's for SIP validation is insecure and easily hacked. I don't think it is because when SER gets an INVITE from 30.30.30.30, it is going to send it's progress messages to 30.30.30.30, regardless of the contents of the SIP messages....so the spoofer at 10.10.10.10 won't get any of the progress messages, and more importantly won't be able to establish a talk path. I suspect he may still cause SER to initiate some brief outbound calls, but they should fail when the SIP protocol falls apart.
Does anyone have any thoughts on this?
Tom
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
.