Michael Procter wrote:
Raphael Coeffic wrote:
Dan Wing wrote:
Thanks for publishing that attack. It has similarities with the attack
described by Hadriel in
http://tools.ietf.org/html/draft-kaplan-sip-baiting-attack.
Yes, it also modifies parts of the request which are not signed by the
authentication/signature algorithm. I should mention this draft in a
later version.
However, the goal is not the same. Hadriel's draft is focused on
impersonation, whereas the other draft is focused on breaking the
authentication done at the proxy. The second difference is that it
works right now with any publicly reachable SIP provider.
I'm intrigued by the variation in fig2. How often are you finding two
proxies in different administrative domains that use the same
credentials? Or is the attack more focussed towards Alice using
multiple sets of credentials?
They are not using the same credentials, which is the reason why
'proxy.com' won't remove Alice's credentials from the request, and thus
enable the attack.
I think that the variation in fig3 can be addressed to some degree by
using GRUU, but I don't think that completely solves the problem.
I am not quite sure that I understand how this helps: could you develop
your thoughts a little bit more?
Regards,
Raphael.
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip