
Re: [Sip] SIP Dialog Match



Well, strictly speaking, this is possible and most SIP networks are
vulnerable to this. This is no different from HTTP or SMTP where this is
possible.

The guidelines (there could be others as well) to overcome this are:

1. Implement a known-good-source kind of logic where you accept
responses coming only from a well-known proxy. Of course, this works only
when there is a proxy and when the source IP address of the response
itself is not modified.

2. Implement encryption (e.g. TLS) for signaling.

Regards
Satya T

-----Original Message-----
From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On Behalf Of
Karunesh Sharma
Sent: Friday, August 07, 2009 6:37 PM
To: Dale Worley
Cc: sip at ietf.org
Subject: Re: [Sip] SIP Dialog Match

Dale:

It's a simple scenario where 'A' sent an INVITE to 'B'. 'C', a man in the
middle, captured the INVITE and sent the response back to 'A'. I wonder why
no one ever had such a case and why there are no established guidelines.

K$
_______________________

-----Original Message-----
From: Dale Worley [mailto:dworley at nortel.com]
Sent: Monday, August 03, 2009 9:35 PM
To: Karunesh Sharma
Cc: aayush bhatnagar; sip at ietf.org
Subject: RE: [Sip] SIP Dialog Match

On Mon, 2009-08-03 at 21:28 +0530, Karunesh Sharma wrote:
> Is this a valid behavior for scenario like 'Call-Forwarding'?

In principle, the responses to a request should almost always come from
the address to which the request was sent.  But that is not usually
enforced, and there may be good reasons why it isn't happening in a
particular instance.

In regard to an observed instance of this behavior, you must first
determine the complete routing of the request in question and the reason
for each routing step.

Dale


_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
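
The known-good-source check from guideline 1 above, combined with matching the response to a request the UA actually sent, as an added example that is not code from any poster in this thread. The proxy address, the pending-transaction set and the sample message are constructed values, and the function names are hypothetical.

```python
import ipaddress

# Constructed values: the one outbound proxy this UA uses, and one INVITE it has sent.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]
PENDING = {("z9hG4bK776asdhds", "a84b4c76e66710@pc33.example.com", "314159 INVITE")}
COMPACT = {"v": "via", "i": "call-id"}  # compact header forms

# Constructed sample response, as 'A' would receive it.
SAMPLE = ("SIP/2.0 200 OK\r\n"
          "Via: SIP/2.0/UDP pc33.example.com;branch=z9hG4bK776asdhds\r\n"
          "Call-ID: a84b4c76e66710@pc33.example.com\r\n"
          "CSeq: 314159 INVITE\r\n\r\n")

def parse_headers(raw):
    """Return the headers of a raw SIP response, first occurrence of each name."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[0] != "SIP/2.0" or not status[1].isdigit():
        raise ValueError("not a SIP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            name = name.strip().lower()
            headers.setdefault(COMPACT.get(name, name), value.strip())
    return headers

def top_via_branch(via):
    """Branch parameter of the topmost Via entry, or None."""
    for param in via.split(",")[0].split(";")[1:]:
        key, _, val = param.partition("=")
        if key.strip().lower() == "branch":
            return val.strip()
    return None

def accept_response(raw, src_ip, pending=PENDING):
    """Return (accepted, reason) for a response received from src_ip."""
    # Guideline 1: known-good source. Only meaningful if src_ip is not forged.
    if not any(ipaddress.ip_address(src_ip) in net for net in TRUSTED_PROXIES):
        return False, "untrusted-source"
    try:
        h = parse_headers(raw)
    except ValueError:
        return False, "malformed"
    key = (top_via_branch(h.get("via", "")), h.get("call-id"), " ".join(h.get("cseq", "").split()))
    if key not in pending:
        return False, "no-matching-transaction"
    return True, "ok"
```

The branch, Call-ID and CSeq are all visible to anyone who captured the INVITE, so the transaction match alone does not stop the 'C' described in the thread; the source check and signaling encryption carry that weight.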