[Serusers] Trusted IP and security.
Klaus Darilion
klaus.mailinglists at pernau.at
Sun Feb 6 23:15:24 CET 2005
I wouldn't do that with UDP - although the spoofer can not receive your
responses, it can send an INVITE which will setup a call (which might
cost $$$$).
using TCP is safer as for setting up the handshake also sequence number
guessing is necessary.
regards
klaus
Tom Lowe wrote:
> Hi all.
>
> I have a "security" question regarding "trusted IP's". Is it possible
> for someone to SUCCESSFULLY spoof an IP and actually make working calls?
>
> For example, '10.10.10.10' sends calls to SER (or any other proxy
> server) at 20.20.20.20, but actually spoofs the IP by sending an IP
> address of 30.30.30.30, which happens to be trusted by the SER at
> 20.20.20.20.
>
> I ask because I'm having a discussion with a vendor who is trying to
> tell me that using trusted IP's for SIP validation is insecure and
> easily hacked. I don't think it is because when SER gets an INVITE from
> 30.30.30.30, it is going to send it's progress messages to 30.30.30.30,
> regardless of the contents of the SIP messages....so the spoofer at
> 10.10.10.10 won't get any of the progress messages, and more importantly
> won't be able to establish a talk path. I suspect he may still cause
> SER to initiate some brief outbound calls, but they should fail when the
> SIP protocol falls apart.
>
> Does anyone have any thoughts on this?
>
> Tom
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list