[Serusers] Trusted IP and security.
Iqbal Gandham
iqbal at gigo.co.uk
Mon Feb 7 02:09:58 CET 2005
but as mitnick showed us, sequence numbers can also be guessed :-)...or
should I say calculated, especially on some OS whos randomness is pretty
poor.
As for using trusted IP, well not a good idea, look at IP packet if you
change the route path, you could get the return message to be routed via
your untrusted IP address, hence in theory u could listen: get the RTP
stream, lookup source routing in IP packets,
Iqbal
Klaus Darilion wrote:
> I wouldn't do that with UDP - although the spoofer can not receive your
> responses, it can send an INVITE which will setup a call (which might
> cost $$$$).
>
> using TCP is safer as for setting up the handshake also sequence number
> guessing is necessary.
>
> regards
> klaus
>
> Tom Lowe wrote:
>
>> Hi all.
>>
>> I have a "security" question regarding "trusted IP's". Is it possible
>> for someone to SUCCESSFULLY spoof an IP and actually make working calls?
>>
>> For example, '10.10.10.10' sends calls to SER (or any other proxy
>> server) at 20.20.20.20, but actually spoofs the IP by sending an IP
>> address of 30.30.30.30, which happens to be trusted by the SER at
>> 20.20.20.20.
>>
>> I ask because I'm having a discussion with a vendor who is trying to
>> tell me that using trusted IP's for SIP validation is insecure and
>> easily hacked. I don't think it is because when SER gets an INVITE from
>> 30.30.30.30, it is going to send it's progress messages to 30.30.30.30,
>> regardless of the contents of the SIP messages....so the spoofer at
>> 10.10.10.10 won't get any of the progress messages, and more importantly
>> won't be able to establish a talk path. I suspect he may still cause
>> SER to initiate some brief outbound calls, but they should fail when the
>> SIP protocol falls apart.
>>
>> Does anyone have any thoughts on this?
>>
>> Tom
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
> .
>
More information about the sr-users
mailing list