[SR-Users] Implementation of RFC 5393

Guillaume tetram100 at hotmail.fr
Wed Oct 21 10:35:00 CEST 2015


Hi guys,

What do you think about RFC 5393 on loop detection and amplification attack protection?

The RFC is short and still a proposed standard, but don't you think it could be useful to prevent loop and amplification attacks? Because even if the Max-Forwards field reduces the loop to ~70 hosts (in most cases), with some techniques we could fork the message up to 2^70 messages (as described in the RFC) to crash the servers.

Basically the server has to do 2 things:
* check if it is not already in the Via of the message
* the previous check is not enough as a B2BUA could have replaced the Via headers, so the RFC introduces a new field called Max-Breadth to limit the forking.

I have not seen a lot of implementations of this RFC in the free SIP software and I think it could be a good way to improve Kamailio by making a module for it (the easiest way to implement this feature, I think).

In fact I'm in a research internship about VoIP security and I have time to develop such a module for Kamailio if you think it's a good idea (I'm looking for some security improvements in free software solutions, so if you have other ideas don't hesitate to tell me).

Cheers,


Tetram
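
The two checks listed in the message, as an added Python sketch that is not part of the original post and not Kamailio code. The function names and sample headers are constructed for illustration; the 482 and 440 response codes and the default of 60 come from RFC 3261 and RFC 5393, not from the post, and the sketch assumes parallel forking only, with every branch needing a Max-Breadth of at least 1.

```python
import re

DEFAULT_MAX_BREADTH = 60  # value RFC 5393 recommends when the header is absent

def via_hosts(headers):
    """Return the sent-by host[:port] of every Via entry, lower-cased."""
    hosts = []
    for name, value in headers:
        if name.lower() in ("via", "v"):
            for entry in value.split(","):
                # "SIP/2.0/UDP host:port;branch=..." -> "host:port"
                m = re.match(r"\s*SIP\s*/\s*2\.0\s*/\s*\w+\s+([^;\s]+)", entry, re.I)
                if m:
                    hosts.append(m.group(1).lower())
    return hosts

def split_breadth(total, n):
    """Divide total over n branches so the shares sum exactly to total."""
    base, extra = divmod(total, n)
    return [base + (1 if i < extra else 0) for i in range(n)]

def plan_parallel_fork(headers, targets, my_sent_by):
    """Return (reject_code or None, Max-Breadth value for each branch)."""
    # Check 1: our own sent-by already appears in Via, so the request came back.
    # (RFC 3261 also compares a branch hash to tell loops from spirals; omitted.)
    if my_sent_by.lower() in via_hosts(headers):
        return 482, []                      # 482 Loop Detected
    # Check 2: Max-Breadth survives a B2BUA that rewrote the Via headers.
    raw = next((v for n, v in headers if n.lower() == "max-breadth"), None)
    if raw is not None and not raw.strip().isdigit():
        return 400, []                      # malformed header value
    breadth = int(raw) if raw is not None else DEFAULT_MAX_BREADTH
    if breadth < len(targets):
        return 440, []                      # 440 Max-Breadth Exceeded
    return None, split_breadth(breadth, len(targets))

# Constructed sample requests (hypothetical hosts), as (name, value) pairs.
ME = "proxy.example.com:5060"
FRESH = [("Via", "SIP/2.0/UDP a.example.net:5060;branch=z9hG4bKa"),
         ("Max-Breadth", "5")]
LOOPED = [("Via", "SIP/2.0/UDP b.example.net;branch=z9hG4bKb, "
                  "SIP/2.0/UDP proxy.example.com:5060;branch=z9hG4bKc"),
          ("Max-Breadth", "5")]
EXHAUSTED = [("Via", "SIP/2.0/TCP b2bua.example.org;branch=z9hG4bKd"),
             ("Max-Breadth", "1")]

if __name__ == "__main__":
    for req in (FRESH, LOOPED, EXHAUSTED):
        print(plan_parallel_fork(req, ["sip:t1@example.net", "sip:t2@example.net"], ME))
```

Because each branch receives only a share of the incoming value, the total number of concurrent branches downstream stays bounded by the original Max-Breadth even when the Via chain has been rewritten.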