On Friday, 6 November 2009, Klaus Darilion wrote:
I do not remember anymore in detail, but I think by spoofing aliases (and the proxy accepts the spoofed alias) it could be possible to intercept SIP messages which are targeted to another user/client behind the same NAT.
ok.
What about if the server doesn't challenge the client? XDD
No problem - at least for xlite. It does:
- REGISTER with local socket
- 407
- REGISTER with local socket
- 200 ok (learn public socket)
- deREGISTER local socket
- 200 ok
- REGISTER with public socket
- 200 ok
That's really ugly! XDD
However, the fact is that during a TCP dialog there "should" exist *two* TCP connections (assuming binding port = 5060):
a) UA:random_port - Proxy:5060
b) Proxy:random_port - UA:5060
that's the broken idea of RFC 3261.
It's not a broken idea since in the IETF world there is no NAT. But yes, the fact is that it's ridiculous!!! How is it possible that a TCP communication between two nodes could require two TCP connections??? Terrible design...
In fact that will never work due to NAT/FW. The un-standardized approaches are described above and work well. The standardized approach would be sip-outbound, which gives the same result as the un-standardized approach.
The only difference is that the un-standardized approach forces the same standardized approach without requiring the "alias" parameter in the Via header :)
Thanks.