Right, the signalling gets impersonated, but not the media. So the only practical thing that can be done by the attacker is interup media.
> -----Original Message----- > From: Jon Peterson [mailto:[email protected]] > Sent: Friday, April 10, 2009 12:28 > To: Audet, Francois (SC100:3055); Elwell, John; Dean Willis > Cc: Cullen Jennings; [email protected]; DRAGE,Keith (Keith) > Subject: Re: [Sip] francois' comments and why RFC4474 not > used in the field > > If I may quibble here: > > > The attack is not impersonation, it's interruption of media. > > The attack relies on impersonation to accomplish interruption > of media. The attacker listens to Alice's INVITE, and then > sends a cut-and-pasted re-INVITE saying "This is Alice again, > would you mind sending my media here instead please." > Impersonation is almost always a tool that attackers use to > accomplish some particular goal, even if it's just tricking > you into accepting unwanted communications. I'm not sure I'd > say impersonation is an attack as such, but by preventing it, > we prevent whole categories of attacks and grant ourselves > more powers in crafting authorization policies. _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
