[Serusers] Trusted IP and security.

Kiss Karoly karcsi at tvnetwork.hu
Wed Feb 2 09:48:58 CET 2005


Hi,

If the attacker can get his hands on a router between the proxy and the
user agent then he can make the proxy believe he *IS* the trusted
endpoint.
And let's not forget a DOS attack, which can be achieved by simply sending
spoofed packets and use up the resources of the proxy ...

Regards

Kiss Karoly

On Tue, 1 Feb 2005, Tom Lowe wrote:

> Date: Tue, 1 Feb 2005 15:18:10 -0500
> From: Tom Lowe <tom at comprotech.com>
> To: serusers at lists.iptel.org
> Subject: [Serusers] Trusted IP and security.
>
> Hi all.
>
> I have a "security" question regarding "trusted IP's".   Is it possible
> for someone to SUCCESSFULLY spoof an IP and actually make working calls?
>
> For example, '10.10.10.10' sends calls to SER (or any other proxy
> server) at 20.20.20.20, but actually spoofs the IP by sending an IP
> address of 30.30.30.30, which happens to be trusted by the SER at
> 20.20.20.20.
>
> I ask because I'm having a discussion with a vendor who is trying to
> tell me that using trusted IP's for SIP validation is insecure and
> easily hacked.  I don't think it is because when SER gets an INVITE from
> 30.30.30.30, it is going to send it's progress messages to 30.30.30.30,
> regardless of the contents of the SIP messages....so the spoofer at
> 10.10.10.10 won't get any of the progress messages, and more importantly
> won't be able to establish a talk path.   I suspect he may still cause
> SER to initiate some brief outbound calls, but they should fail when the
> SIP protocol falls apart.
>
> Does anyone have any thoughts on this?
>
> Tom
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>




More information about the sr-users mailing list