hi Francios,
Surely if you correlate the signallng with the initial media stream from the endpoint as Jonathan mentioned in his original email a couple of weeks ago then you will know that that there has been a problem and you would not pick up the call and you might report the call to the appropriate authorities who could then trace the call potentailly.
Quite how this correlation takes place is not 100% clear to me as yet, but I'm thinking on it.
Tony
This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. •
To: "Jon Peterson" <[email protected]>, "Elwell, John" <[email protected]>, "Dean Willis" <[email protected]>
From: "Francois Audet" <[email protected]>
Sent by: [email protected]
Date: 04/10/2009 04:43PM
cc: Cullen Jennings <[email protected]>, [email protected], "DRAGE, Keith \(Keith\)" <[email protected]>
Subject: Re: [Sip] francois' comments and why RFC4474 not used in the field
Right, the signalling gets impersonated, but not the media.
So the only practical thing that can be done by the attacker
is interup media.
> -----Original Message-----
> From: Jon Peterson [mailto:[email protected]]
> Sent: Friday, April 10, 2009 12:28
> To: Audet, Francois (SC100:3055); Elwell, John; Dean Willis
> Cc: Cullen Jennings; [email protected]; DRAGE,Keith (Keith)
> Subject: Re: [Sip] francois' comments and why RFC4474 not
> used in the field
>
> If I may quibble here:
>
> > The attack is not impersonation, it's interruption of media.
>
> The attack relies on impersonation to accomplish interruption
> of media. The attacker listens to Alice's INVITE, and then
> sends a cut-and-pasted re-INVITE saying "This is Alice again,
> would you mind sending my media here instead please."
> Impersonation is almost always a tool that attackers use to
> accomplish some particular goal, even if it's just tricking
> you into accepting unwanted communications. I'm not sure I'd
> say impersonation is an attack as such, but by preventing it,
> we prevent whole categories of attacks and grant ourselves
> more powers in crafting authorization policies.
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip
_______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
