On Apr 18, 2007, at 1:40 PM, Frank W. Miller wrote:
> I've heard reference to this security issue in the past but have just gone and read it for the first time, Section 9.3 right? I'm not sure I completely understand it. Are you saying that another program can hijack the connection once the legitimate SIP user is not present on the connection anymore? Would not the legitimate user have torn down the TCP connection when it exited? Wouldn't the TCP connection require authentication when it was reestablished? My apologies for my lack of understanding.

There's a couple of ways of looking at it. The one that concerns me most is what might be called "TCP Hijacking".

http://www.iss.net/security_center/advice/Exploits/TCP/session_hijacking/default.htm

The idea is that if you authenticate (say, via digest) at the start of a TCP session, then anybody "on the wire" can easily take over the session and continue to use it without having to re-authenticate. TLS pretty much prevents this attack.

Just for fun, I seem to recall back in the days of coaxial ethernet once seeing an app that would hijack an NFS session to start returning bogus data to the client. It was great fun to divert somebody to what appeared to be an empty NFS filesystem where they expected to find their dissertation research.

--
Dean
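
Added example, not part of the original message: a simplified Python model of why authenticating only at the start of a connection leaves later messages unprotected, while a per-message MAC with a sequence number (the kind of integrity protection TLS provides) rejects injected or replayed data. The class names, the SHA-256 challenge-response standing in for digest authentication, and all message contents are constructed assumptions; this is neither SIP nor TLS code.

```python
import hashlib
import hmac
import os

def seal(key, seq, message):
    # MAC over sequence number + message (constructed stand-in for a TLS record MAC).
    return hmac.new(key, seq.to_bytes(8, "big") + message, hashlib.sha256).digest()

class ConnectionAuthServer:
    """Authenticates once at connection start, then trusts the connection."""
    def __init__(self, password):
        self.password, self.nonce, self.authenticated = password, os.urandom(16), False

    def login(self, response):
        # Simplified challenge-response standing in for digest authentication.
        expected = hashlib.sha256(self.nonce + self.password).digest()
        self.authenticated = hmac.compare_digest(response, expected)
        return self.authenticated

    def handle(self, message):
        # No per-message check: whoever writes to the connection is believed.
        return self.authenticated

class RecordProtectedServer:
    """Accepts a message only with a valid MAC for the expected sequence number."""
    def __init__(self, session_key):
        self.key, self.next_seq = session_key, 0

    def handle(self, message, tag):
        if not hmac.compare_digest(tag, seal(self.key, self.next_seq, message)):
            return False
        self.next_seq += 1
        return True

def run_demo():
    password, key = b"constructed-password", os.urandom(32)
    weak = ConnectionAuthServer(password)
    weak.login(hashlib.sha256(weak.nonce + password).digest())  # legitimate user logs in
    strong = RecordProtectedServer(key)
    legit, injected = b"constructed message from the user", b"constructed message from a third party"
    return {
        "login_only_accepts_injected": weak.handle(injected),
        "mac_accepts_legit": strong.handle(legit, seal(key, 0, legit)),
        "mac_accepts_injected": strong.handle(injected, os.urandom(32)),
        "mac_accepts_replay": strong.handle(legit, seal(key, 0, legit)),
    }

if __name__ == "__main__":
    print(run_demo())
```

The login-only server accepts the injected message because the connection, not the message, was authenticated; the MAC-protected server rejects both the injected message and a replay of an earlier valid one.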