On 05-03 09:56, Michael Procter wrote:
> Raphael Coeffic wrote:
> > Dan Wing wrote:
> >> Thanks for publishing that attack.  It has similarities with the attack
> >> described by Hadriel in
> >> http://tools.ietf.org/html/draft-kaplan-sip-baiting-attack.
> >>
> >>   
> > Yes, it also modifies parts of the request which are not signed by the
> > authentication/signature algorithm. I should mention this draft in a
> > later version.
> >
> > However, the goal is not the same. Hadriel's draft is focused on
> > impersonation, whereas the other draft is focused on breaking the
> > authentication done at the proxy. The second difference is that it
> > works right now with any publicly reachable SIP provider.
> >
> 
> I'm intrigued by the variation in fig2.  How often are you finding two
> proxies in different administrative domains that use the same
> credentials?  Or is the attack more focussed towards Alice using
> multiple sets of credentials?

Yes. The scenario in fig2 shows that such an attack is possible even if Alice can
receive SIP requests from her outbound proxy only (or one of her outbound
proxies), either because her phone is configured so or because it is behind
NAT.

Even if the outbound proxy removes digest credentials that belong to its
administrative domain before forwarding SIP requests downstream, you can still
obtain digest credentials for another administrative domain through this
outbound proxy from Alice if her phone is configured with multiple sets of
credentials.

If you have a phone which is configured to use two different ITSPs and has two
sets of digest credentials then it is most likely vulnerable to this kind of
attack.

  Jan.
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip