Thanks for the reply. If your answers are the case then I am confused.
There are three cases you can paint when the 5060 port is idle: 1) some other network element tries to establish an inbound TCP connection to 5060 (for example) on my machine and 2) some bad program on my machine tries to establish an outbound TCP connection to a legitimate SIP element, and 3) some other network element tries to establish a connection (inbound or outbound) with a bad program on my machine.

In the first case, there is no program listening on 5060 since the port is free so the connection will not happen. In the second case, you have established that the user must be authenticated (except in the case of proxy-to-proxy) so that should presumably prevent bad things from happening except in the one case. In the third case, you probably have some kind of virus infestation or something really bad since a bad program is cooperating with a "bad" network element.

So, the only real issue here is that proxy-to-proxy TCP connections *may* be hijacked by some bad program on the initiator's proxy device? How realistic is this? I mean, proxies are likely to have the 5060 port open all the time anyway and even if they reboot or something, how many proxies are there that aren't going to be under pretty tight security to prevent a bad program from appearing? Is this enough to disallow the use of a bidirectional TCP connection in all cases?

Speaking as a UA implementer (which I often do ;) ) maintaining a single TCP connection with my first proxy hop is easier to implement so why be so draconian because of one case? It seems like you should address the one case if it's a problem rather than just shutting down the general mechanism for everybody.

Thanks,
FM

-----Original Message-----
From: Vijay K. Gurbani [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 18, 2007 1:06 PM
To: Frank W. Miller
Cc: [email protected]
Subject: Re: [Sip] sip tcp connection

Frank W. Miller wrote:
>
> I've heard reference to this security issue in the past but have just
> gone and read it for the first time, Section 9.3 right? I'm not sure
> I completely understand it. Are you saying that another program can
> hijack the connection once the legitimate SIP user is not present on
> the connection anymore?

Yes.

> Would not the legitimate user have torn down the TCP connection
> when it exited?

Yes; thereby making the default port (5060) available for other processes.

> Wouldn't the TCP connection require authentication when it was
> reestablished?

If it is between a UA and a registrar, it should. If it is between a UA and a default outbound proxy, it should. But if it is with another proxy, then there isn't any authentication.

- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
Email: [EMAIL PROTECTED],bell-labs.com,acm.org}
WWW: http://www.alcatel-lucent.com/bell-labs
