[Kamailio-Users] SIP Digest Access Authentication RELAY survey
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Jan 15 10:48:53 CET 2009
IIRC to solve this issue completely the UAC should never send
credentials to unknown parties - only to its SIP proxy (some clients
have a "force outbound proxy" feature which does the same). Then the SIP
proxy can remove credentials before forwarding to other parties.
As soon as a client send messages (with credentials) directly to other
parties there is nothing you can do on the proxy side.
regards
klaus
Victor Pascual Ávila schrieb:
> Hi,
> excuse me if this message is not directly related to Kamailio.
>
> I'm just wondering if folks could share with me if (and how) they have
> prevented the "SIP Digest Access Authentication RELAY" in their
> networks (and what worked for them or not).
> NAT boxes reduce dramatically the scenarios for a successful attack.
> Otherwise, some might be mitigating the attack by means of forcing UAs
> to use outbound proxies while others might be reducing the attack
> incentives by means of message integrity.
>
> Any comment would be appreciated,
More information about the Users
mailing list