[Serusers] authenticating BYE messages
Maxim Sobolev
sobomax at portaone.com
Tue Mar 30 13:28:16 CEST 2004
Andrei Pelinescu-Onciul wrote:
> On Mar 30, 2004 at 10:55, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>
>>You can disable UDP - that prevents from faked messages, but causes lots
>>of interoperability problems.
>
>
> Disabling UDP won't prevent faked messages. You don't have to inject the
> faked message into the same tcp connection (which would be difficult).
> You can open another tcp connection and send the faked BYE on it. There
> is nothing that would prevent this (and there are/were some UAs that
> opened a different tcp connection for each request).
Actually the problem is not only with BYE. If you can sniff SIP flow
between two UAs (it is necessary to extract proper sequence number,
call-id and tags), then you can inject false replies into any
transaction in progress. For example by sending such final negative
reply to an INVITE you can abort the call in the very beginning, by
sending 302 you can divert caller to another person without him even
noticing, etc. And while theoretically you can authenticate BYEs if
UA/proxy support that, there is no way to authenticate replies at all.
Therefore, the only way to secure SIP signaling from eavesdropper is to
use some form of TLS security, that is to encrypt all SIP flow between
UA and proxy, so that there is no way to extract information necessary
for constructing fake requests and replies without breaking underlying
encryption algorithm.
-Maxim
More information about the sr-users
mailing list