Hi,
If the attacker can get his hands on a router between the proxy and the user agent then he can make the proxy believe he *IS* the trusted endpoint. And let's not forget a DOS attack, which can be achieved by simply sending spoofed packets and use up the resources of the proxy ...
Regards
Kiss Karoly
On Tue, 1 Feb 2005, Tom Lowe wrote:
Date: Tue, 1 Feb 2005 15:18:10 -0500 From: Tom Lowe tom@comprotech.com To: serusers@lists.iptel.org Subject: [Serusers] Trusted IP and security.
Hi all.
I have a "security" question regarding "trusted IP's". Is it possible for someone to SUCCESSFULLY spoof an IP and actually make working calls?
For example, '10.10.10.10' sends calls to SER (or any other proxy server) at 20.20.20.20, but actually spoofs the IP by sending an IP address of 30.30.30.30, which happens to be trusted by the SER at 20.20.20.20.
I ask because I'm having a discussion with a vendor who is trying to tell me that using trusted IP's for SIP validation is insecure and easily hacked. I don't think it is because when SER gets an INVITE from 30.30.30.30, it is going to send it's progress messages to 30.30.30.30, regardless of the contents of the SIP messages....so the spoofer at 10.10.10.10 won't get any of the progress messages, and more importantly won't be able to establish a talk path. I suspect he may still cause SER to initiate some brief outbound calls, but they should fail when the SIP protocol falls apart.
Does anyone have any thoughts on this?
Tom
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers