[sr-dev] Implementation of RFC 5393
Guillaume
tetram100 at hotmail.fr
Wed Oct 21 13:46:44 CEST 2015
Hi guys,
What do you think about the RFC 5393 on loop detection and amplification
attack protection?
The RFC is short and still a proposed
standard but don't you think it could be useful to prevent loop and
amplification attack? Because even if the max-forward field reduces the
loop to ~70 hosts (in most cases) with some techniques we could fork the
message up to 2^70 messages (as described in the RFC) to crash the
servers.
Basically the server has to do 2 things:
* check if it is not already in the via of the message
*
the previous check is not enough as a B2BUA could have replaced the via
headers, so the RFC introduces a new field called max-breadth to limit
the forking.
I have not seen a lot of implementation of this RFC
on the free SIP software and I think it could be a good way to improve
kamailio making a module for it (the easier way to implement this
feature I think).
In fact I'm in a research internship about VoIP
security and
I have time to develop such a module for kamailio if you think it's a
good idea (I'm looking for some security improvements in free software
solutions so if you have other idea don't hesitate to tell me).
Cheers,
Tetram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20151021/cf298d0f/attachment.html>
More information about the sr-dev
mailing list