Re: [MMUSIC] RTSP and NATs

[philippe.gentric@philips.com]

Magnus you write:

>By having the receiver sign the message going from client
>to server with keys that are transported through other ways we can
>ensure that no other than the intended receiver can verify that it
>agrees. This makes it possible to protect also against man in the middle
>attacks. It will of course requires secure RTSP signaling.

I dont see how a "secure RTSP session" solves the case I was thinking about is:

your server thinks that the client is behind a NAT,
because the IP addresses for RTSP and RTP are different,
but in fact that client is a Bad Guy who wants to induce
your server to flood someone else.

if Mr Bad Guy is also a man-in-the-middle you are in real trouble because:

1) your attacker is initiating that RTSP session so

A) your server cannot  trust "a different IP address" indicated in that session, even if the session is TLS-ized  !

B) you cannot use that session to convey crypto stuff for a separate UDP challenge either  because:

2) this guys is also a man-in-the-middle who can trap/spoof UDP traffic
i.e. a challenge/response at that "different IP address".

I dont know how to solve that one (help security experts?)

regards,

Philippe Gentric
Software Architect
Philips MP4Net
"philippe dot gentric at philips dot com"
http://www.platform4.philips.com

_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic