[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sip] SIP Dialog Match
What about sending INVITE to 'B' & getting all responses (which includes provisional response 1xx) from 'C'?
K$
_______________________
-----Original Message-----
From: Dale Worley [mailto:dworley at nortel.com]
Sent: Monday, August 03, 2009 3:11 AM
To: aayush bhatnagar
Cc: Karunesh Sharma; sip at ietf.org
Subject: Re: [Sip] SIP Dialog Match
> On Thu, Jul 30, 2009 at 09:28, Karunesh Sharma
> <Karunesh.Sharma at globallogic.com> wrote:
> I am having a question about SIP dialog validation using
> src/dst ip. If there is established sip dialog between ‘A’ &
> ‘B’ then can ‘C’ who is not party to existing dialog and who
> somehow knows all sip dialog identifiers (Call-ID, To/From
> Tags) of the dialog between ‘A’ & ‘B’, sends target refresh
> request with its own IP in contact. This is a typical call
> hijacking case. If this is valid how to avoid that? Is
> Authentication is only way out or do we have other alternate
> as well?
For "basic" security, it is usually assumed that if an agent knows the
dialog identifiers, then it has the right to manipulate the dialog.
(See, e.g., the Replace and Join headers.) For stricter security,
additional authentication mechanisms have to be deployed, but the IETF
has not standardized any such mechanism.
Dale