Hmm, well I think almost anything a proxy can legally do, can also be applied maliciously. For example, a proxy can:

* change the target of the request to someone not at all expected; e.g., I call the sales number for company 1 and it gets forwarded to company 2 sales number. Frankly, this attack is far worse than any codec change.

* proxy can drop my requests and cause calls to fail

* proxy can insert via headers pointing to incorrect previous hops and launch DoS attacks

* proxy can modify via fields, causing responses to bypass servers providing features, disrupting them

* proxy can discard record-routes in response, causing other servers to be bypassed for future requests. Consider the impact of this on a billing system that is built off another proxy which now never sees a BYE.

and so on. By your metric, since I cannot differentiate legitimate from illegitimate uses of modification of these fields (rr, via, r-uri), all uses must be prevented.

Clearly this doesn't hold water.

-Jonathan R.



Dan Wing wrote:
On Jul 31, 2008, at 11:22 AM, Jonathan Rosenberg wrote:

Is this an ATTACK though? I don't think it is.
If the end user can't tell the difference between a malicious application of the technique and a beneficial application of the technique, then the technique itself is an attack vector and should be eliminated from the protocol.

Agreed.

-d



--
Jonathan D. Rosenberg, Ph.D.                   499 Thornall St.
Cisco Fellow                                   Edison, NJ 08837
Cisco, Voice Technology Group
[EMAIL PROTECTED]
http://www.jdrosen.net                         PHONE: (408) 902-3084
http://www.cisco.com
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
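
Added example, not part of the original thread: a small Python check that diffs the three fields named in the message above (Request-URI, Via, Record-Route) across a single proxy hop. The sample messages and host names are constructed, and the parser is simplified (no header folding, naive comma splitting). It reports what changed at the hop; nothing in the output distinguishes a legitimate change from a malicious one.

```python
# Constructed sample traffic: the same message before and after one proxy hop.
REQ_IN = ("INVITE sip:sales@company1.example SIP/2.0\r\n"
          "Via: SIP/2.0/UDP ua.example;branch=z9hG4bKa\r\n\r\n")
REQ_OUT = ("INVITE sip:sales@company2.example SIP/2.0\r\n"
           "Via: SIP/2.0/UDP proxy.example;branch=z9hG4bKb\r\n"
           "Via: SIP/2.0/UDP ua.example;branch=z9hG4bKa\r\n\r\n")
RSP_IN = ("SIP/2.0 200 OK\r\n"
          "Via: SIP/2.0/UDP proxy.example;branch=z9hG4bKb, "
          "SIP/2.0/UDP ua.example;branch=z9hG4bKa\r\n"
          "Record-Route: <sip:billing.example;lr>\r\n\r\n")
RSP_OUT = ("SIP/2.0 200 OK\r\n"
           "Via: SIP/2.0/UDP ua.example;branch=z9hG4bKa\r\n\r\n")


def parse(msg):
    """Return (request_uri or None, via_values, record_route_values)."""
    head = msg.split("\r\n\r\n", 1)[0].split("\r\n")
    start = head[0].split()
    # Responses start with "SIP/2.0 <code>"; only requests carry a Request-URI.
    ruri = None if start[0].startswith("SIP/") else start[1]
    via, rr = [], []
    for line in head[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        # Simplification: one header may carry several comma-separated values.
        values = [v.strip() for v in value.split(",") if v.strip()]
        if name in ("via", "v"):          # "v" is the compact form of Via
            via += values
        elif name == "record-route":
            rr += values
    return ruri, via, rr


def _delta(old, new):
    return {"added": [x for x in new if x not in old],
            "removed": [x for x in old if x not in new]}


def hop_changes(before, after):
    """Report which of r-uri, via, record-route changed across the hop."""
    (u1, v1, r1), (u2, v2, r2) = parse(before), parse(after)
    out = {}
    if u1 != u2:
        out["r-uri"] = (u1, u2)
    if v1 != v2:
        out["via"] = _delta(v1, v2)
    if r1 != r2:
        out["record-route"] = _delta(r1, r2)
    return out
```

The request pair shows retargeting plus the proxy's own Via being added; the response pair shows the proxy's Via being removed and the Record-Route being discarded.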
