Andrei Pelinescu-Onciul wrote:
On Mar 30, 2004 at 10:55, Klaus Darilion klaus.mailinglists@pernau.at wrote:
You can disable UDP - that prevents from faked messages, but causes lots of interoperability problems.
Disabling UDP won't prevent faked messages. You don't have to inject the faked message into the same tcp connection (which would be difficult). You can open another tcp connection and send the faked BYE on it. There is nothing that would prevent this (and there are/were some UAs that opened a different tcp connection for each request).
Actually the problem is not only with BYE. If you can sniff SIP flow between two UAs (it is necessary to extract proper sequence number, call-id and tags), then you can inject false replies into any transaction in progress. For example by sending such final negative reply to an INVITE you can abort the call in the very beginning, by sending 302 you can divert caller to another person without him even noticing, etc. And while theoretically you can authenticate BYEs if UA/proxy support that, there is no way to authenticate replies at all.
Therefore, the only way to secure SIP signaling from eavesdropper is to use some form of TLS security, that is to encrypt all SIP flow between UA and proxy, so that there is no way to extract information necessary for constructing fake requests and replies without breaking underlying encryption algorithm.
-Maxim