Hey @vingarzan

Normally, the IMS P-CSCF should identify the clients (UEs) by the received IP address and ports on Rx

Can you please point me to a specification where it states this?

I don't have a link... but it seems logical to me. Imagine a scenario where Alice is registered. She then proceeds to send a MESSAGE with Contact: bob, Via: bob. If we identify the UE by the Contact or Via, we've just let an impersonation attack go through.

Sure, there are a lot of things that need to be faked, etc., but from a security standpoint, I'm thinking that the P-CSCF should only identify the UE based on the source IP address and port of the SIP package. The IPsec functionality must also ensure that the UE didn't do IP spoofing (e.g. Alice injected a packet on her SPI, with a source IP from Bob, which is normally prevented by EPC/5GC).

P.S. My PR is not trying to get compliance with this whole point. I'm actually offloading the IPsec work to an external entity, which guarantees that the bottom Via is not spoofed. So I'm adding an optional "trust-the-bottom-Via" flag.


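The lookup choice discussed in the comment above, as an added example that is not part of the comment or of the Kamailio PR: the same request resolves to different UEs depending on whether the binding is keyed on the packet source or on the bottom Via. All addresses, identities and function names are constructed, `trust_bottom_via` is a hypothetical stand-in for the optional flag, and the parser assumes IPv4 sent-by values.

```python
# Added illustration, not Kamailio code. All names and addresses are constructed.
REGISTERED = {  # bindings learned at REGISTER: (source IP, source port) -> identity
    ("10.0.0.1", 5060): "sip:alice@ims.example",
    ("10.0.0.2", 5060): "sip:bob@ims.example",
}

# Constructed request: arrives from Alice's address, but Contact and Via name Bob's.
SPOOFED = (
    "MESSAGE sip:carol@ims.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.2:5060;branch=z9hG4bK776\r\n"
    "From: <sip:bob@ims.example>;tag=1\r\n"
    "To: <sip:carol@ims.example>\r\n"
    "Contact: <sip:bob@10.0.0.2:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)

def bottom_via_hostport(raw):
    """Return (host, port) from the last Via value (the one the UE added), or None."""
    vias = []
    for line in raw.split("\r\n")[1:]:       # skip the request line
        if not line:                          # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):
            vias.extend(v.strip() for v in value.split(","))
    if not vias:
        return None
    parts = vias[-1].split()                  # "SIP/2.0/UDP host:port;params"
    if len(parts) < 2:
        return None
    host, _, port = parts[1].split(";")[0].partition(":")
    return host, int(port or 5060)

def identify_ue(raw, src, trust_bottom_via=False):
    """Look up the registered UE for a request.

    Default: key on the (ip, port) the packet was actually received from.
    trust_bottom_via (hypothetical flag): key on the bottom Via instead, which
    is only sound when an external IPsec entity guarantees it is not spoofed.
    """
    key = bottom_via_hostport(raw) if trust_bottom_via else src
    return REGISTERED.get(key)

if __name__ == "__main__":
    alice_src = ("10.0.0.1", 5060)
    print("by source     :", identify_ue(SPOOFED, alice_src))
    print("by bottom Via :", identify_ue(SPOOFED, alice_src, trust_bottom_via=True))
```
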