[SR-Users] Implementation of RFC 5393

Daniel-Constantin Mierla miconda at gmail.com
Wed Oct 21 14:09:27 CEST 2015 

Hello,

checking the IP in the Via headers can be done in config file using a
while loop:

$var(i) = 0;

while($(hdr(Via)[$var(i)])!=$null) {
   # use transformations to extract the IP in $(hdr(Via)[$var(i)]) and
test it against $Ri
   ...
   $var(i) = $var(i)  + 1;
}

Also, checking the max-breadth should be possible in config file --
iirc, Olle played with it at one of the SIPit events I attended, maybe
he can add more details here. I haven't read the RFC 5393 to be able to
provide an example here.

If someone wants to add a module to simplify the config, he/she is
welcome to do it.

Cheers,
Daniel

On 21/10/15 10:35, Guillaume wrote:
> Hi guys,
>
> What do you think about the RFC 5393 on loop detection and
> amplification attack protection?
>
> The RFC is short and still a proposed standard but don't you think it
> could be useful to prevent loop and amplification attack? Because even
> if the max-forward field reduces the loop to ~70 hosts (in most cases)
> with some techniques we could fork the message up to 2^70 messages (as
> described in the RFC) to crash the servers.
>
> Basically the server has to do 2 things:
> * check if it is not already in the via of the message
> * the previous check is not enough as a B2BUA could have replace the
> via headers, so the RFC introduces a new field called max-breadth to
> limit the forking.
>
> I have not seen a lot of implementation of this RFC on the free SIP
> software and I think it could be a good way to improve kamailio making
> a module for it (the easier way to implement this feature I think).
>
> In fact I'm in a research internship about VoIP security and I have
> time to develop such a module for kamailio if you think it's a good
> idea (I'm looking for some security improvements in free software
> solutions so if you have other idea don't hesitate to tell me).
>
> Cheers,
>
>
> Tetram
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20151021/0a6e5984/attachment.html>

More information about the sr-users mailing list