[Serusers] Trusted IP and security.

Iqbal Gandham iqbal at gigo.co.uk
Mon Feb 7 02:09:58 CET 2005


But as Mitnick showed us, sequence numbers can also be guessed :-) ... or 
should I say calculated, especially on some OSes whose randomness is pretty 
poor.

As for using trusted IPs, well, not a good idea. Look at the IP packet: if you 
change the route path, you could get the return message to be routed via 
your untrusted IP address, hence in theory you could listen and get the RTP 
stream. Look up source routing in IP packets.

Iqbal

Klaus Darilion wrote:
> I wouldn't do that with UDP - although the spoofer cannot receive your 
> responses, it can send an INVITE which will set up a call (which might 
> cost $$$$).
> 
> Using TCP is safer, as sequence number guessing is also necessary for 
> setting up the handshake.
> 
> regards
> klaus
> 
> Tom Lowe wrote:
> 
>> Hi all.
>>
>> I have a "security" question regarding "trusted IPs".   Is it possible
>> for someone to SUCCESSFULLY spoof an IP and actually make working calls?
>>
>> For example, '10.10.10.10' sends calls to SER (or any other proxy
>> server) at 20.20.20.20, but actually spoofs the IP by sending an IP
>> address of 30.30.30.30, which happens to be trusted by the SER at
>> 20.20.20.20.
>>
>> I ask because I'm having a discussion with a vendor who is trying to
>> tell me that using trusted IPs for SIP validation is insecure and
>> easily hacked.  I don't think it is, because when SER gets an INVITE from
>> 30.30.30.30, it is going to send its progress messages to 30.30.30.30,
>> regardless of the contents of the SIP messages... so the spoofer at
>> 10.10.10.10 won't get any of the progress messages, and more importantly
>> won't be able to establish a talk path.   I suspect he may still cause
>> SER to initiate some brief outbound calls, but they should fail when the
>> SIP protocol falls apart.
>>
>> Does anyone have any thoughts on this?
>>
>> Tom
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
> 
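The blind-spoofing argument made in this thread, as an added example that is not part of the original posts or of SER itself: a Python model of a SIP proxy that authorises INVITEs by the source IP of a UDP datagram, beside a model of a TCP three-way handshake whose initial sequence number is either predictable or random. The proxy, server, ports and the 10.10.10.10 / 30.30.30.30 addresses are constructed stand-ins taken from Tom's scenario; the INVITE text is constructed sample input; the +64000-per-connection ISN step is an assumption modelled on the old BSD behaviour that made the Mitnick-style attack possible, not a measurement of any real stack.

```python
import secrets

# Constructed scenario: 30.30.30.30 is the only IP the proxy trusts,
# 10.10.10.10 is the attacker who forges 30.30.30.30 as source address.
TRUSTED = {"30.30.30.30"}

# Constructed sample INVITE, as a spoofer would put into a single UDP datagram.
SIP_INVITE = (
    "INVITE sip:+15551234567@20.20.20.20 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 30.30.30.30:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:gateway@30.30.30.30>;tag=1928301774\r\n"
    "To: <sip:+15551234567@20.20.20.20>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)


def udp_proxy(datagram, src_ip, trusted=TRUSTED):
    """Model of a proxy that trusts the IP header's source address (hypothetical).

    Returns (action, reply_destination).  The key point: for UDP the decision
    is made on one datagram, before any round trip, so the INVITE is already
    forwarded upstream even though all replies go to the forged address."""
    method = datagram.split(" ", 1)[0]
    if src_ip not in trusted:
        return ("403 Forbidden", src_ip)
    if method == "INVITE":
        return ("forward INVITE upstream", src_ip)
    return ("ignore", src_ip)


class TcpServer:
    """Minimal model of the server side of a TCP handshake (hypothetical)."""

    def __init__(self, isn_source):
        self.isn_source = isn_source      # callable returning a 32-bit ISN
        self.pending = {}                 # (ip, port) -> ISN sent in SYN-ACK

    def syn(self, client_ip, client_port):
        isn = self.isn_source()
        self.pending[(client_ip, client_port)] = isn
        return isn                        # delivered to client_ip only

    def ack(self, client_ip, client_port, ack_number):
        """Handshake completes only if the third packet echoes ISN + 1."""
        isn = self.pending.pop((client_ip, client_port), None)
        return isn is not None and ack_number == (isn + 1) % 2**32


def bsd_style_isn(start=1_000_000, step=64_000):
    """Assumption: ISN grows by a fixed step per connection (old BSD style)."""
    state = {"n": start}

    def gen():
        state["n"] = (state["n"] + step) % 2**32
        return state["n"]

    return gen


def random_isn():
    """Unpredictable ISN: a blind guess succeeds with probability 2**-32."""
    return secrets.randbits(32)


def blind_tcp_spoof(server, probe_ip="10.10.10.10", victim_ip="30.30.30.30"):
    """Attacker opens a real connection from its own IP to observe the current
    ISN, then sends a SYN with the trusted IP as source.  The SYN-ACK goes to
    the trusted host and is never seen, so the final ACK must be predicted.
    (The real attack also had to keep the trusted host from answering the
    unexpected SYN-ACK with a RST; that step is not modelled here.)"""
    observed = server.syn(probe_ip, 40000)
    server.ack(probe_ip, 40000, (observed + 1) % 2**32)   # probe completes normally
    server.syn(victim_ip, 40001)                          # spoofed SYN, reply unseen
    guess = (observed + 64_000 + 1) % 2**32               # prediction under the step assumption
    return server.ack(victim_ip, 40001, guess)


if __name__ == "__main__":
    print("UDP, forged source:", udp_proxy(SIP_INVITE, "30.30.30.30"))
    print("TCP, predictable ISN:", blind_tcp_spoof(TcpServer(bsd_style_isn())))
    print("TCP, random ISN:", blind_tcp_spoof(TcpServer(random_isn)))
```

Run as-is, the UDP case shows the INVITE being forwarded with every reply addressed to 30.30.30.30, which is exactly Klaus's point: the spoofer hears nothing, but the upstream leg has already been started. The TCP case shows why the handshake only helps when the ISN is unpredictable: with a fixed step the blind ACK succeeds every time, with a random ISN it fails.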