[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] draft-state-sip-relay-attack-00

To: Nils Ohlmeier <lists at ohlmeier.org>
Subject: Re: [Sip] draft-state-sip-relay-attack-00
From: "Dale Worley" <dworley at nortel.com>
Date: Fri, 06 Mar 2009 14:41:59 -0500
Cc: sip at ietf.org
Delivered-to: sip at core3.amsl.com
In-reply-to: <e4c7495a3f98d5a2a85ccf85047515f0.squirrel at www.ohlmeier.com>
List-archive: <http://www.ietf.org/mail-archive/web/sip>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
Organization: Nortel Networks
References: <49AE593F.6080807 at iptel.org> <e4c7495a3f98d5a2a85ccf85047515f0.squirrel at www.ohlmeier.com>

On Thu, 2009-03-05 at 14:40 +0100, Nils Ohlmeier wrote:
> One thing which is not that obvious but is implictly a requirement for the
> attack: the proxies has to challenge in-dialog requests. I do not see a
> big benefit in challeging in-dialog requests as these are hopefully
> rejected by the remote side if no matching dialog exists. If the UA would
> know that his proxy does not challenge in-dialog requests it could simply
> ignore the challenge :-)

Except that there are legitimate uses for challenging in-dialog
requests:  sipX uses it to allow a phone to transfer a caller to any
destination that the executing phone has permission to call.  The first
step of this process is that when the executing phone sends a REFER, the
proxy challenges the REFER so that the executing phone attaches its
credentials to the REFER.  The proxy then analyzes these credentials to
determine the user that is responsible for the transfer operation, etc.
Without the in-dialog challenge, there is no way for the proxy to
determine the user that is responsible for transfer operation.

Dale

Follow-Ups:
- Re: [Sip] draft-state-sip-relay-attack-00
  - From: Nils Ohlmeier

References:
- [Sip] draft-state-sip-relay-attack-00
  - From: Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00
  - From: Nils Ohlmeier

Prev by Date: Re: [Sip] SIP Tracing Facility
Next by Date: Re: [Sip] draft-state-sip-relay-attack-00
Previous by thread: Re: [Sip] draft-state-sip-relay-attack-00
Next by thread: Re: [Sip] draft-state-sip-relay-attack-00
Index(es):
- Date
- Thread