> -----Original Message-----
> From: Jonathan Rosenberg [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 31, 2008 4:23 PM
> To: Dan Wing
> Cc: 'Dean Willis'; 'Cullen Jennings'; 'SIP IETF'; 'Uzelac,Adam'; 'Elwell,John'
> Subject: Re: [Sip] Thoughts on SIP Identity issues
>
> Hmm, well I think almost anything a proxy can legally do, can also be
> applied maliciously. For example, a proxy can:
>
> * change the target of the request to someone not at all expected; e.g.,
> I call the sales number for company 1 and it gets forwarded to company 2
> sales number. Frankly, this attack is far worse than any codec change.
>
> * proxy can drop my requests and cause calls to fail
>
> * proxy can insert via headers pointing to incorrect previous hops and
> launch dos attacks
>
> * proxy can modify via fields, causing responses to bypass servers
> providing features, disrupting them
>
> * proxy can discard record-routes in response; causing other servers to
> be bypassed for future requests. Consider the impact of this on a
> billing system that is built off another proxy which now never sees a BYE
>
> and so on. By your metric, since I cannot differentiate legitimate from
> illegitimate uses of modification of these fields (rr, via, r-uri), all
> uses must be prevented.
>
> Clearly this doesn't hold water.
Good point. I guess you're saying a proxy can be evil, and a B2BUA can be
evil. 4474 only allows detecting if a proxy is evil, based on the stuff
that 4474 signs and considers important. I (continue to) suggest that we
need a way to detect if an SBC is evil, based on stuff that is signed and
is considered important.

-d

> -Jonathan R.
>
>
>
> Dan Wing wrote:
> >> On Jul 31, 2008, at 11:22 AM, Jonathan Rosenberg wrote:
> >>
> >>> Is this an ATTACK though? I don't think it is.
> >> If the end user can't tell the difference between a malicious
> >> application of the technique and a beneficial application of the
> >> technique, then the technique itself is an attack vector and should
> >> be eliminated from the protocol.
> >
> > Agreed.
> >
> > -d
> >
> >
>
> --
> Jonathan D. Rosenberg, Ph.D.          499 Thornall St.
> Cisco Fellow                          Edison, NJ 08837
> Cisco, Voice Technology Group
> [EMAIL PROTECTED]
> http://www.jdrosen.net                PHONE: (408) 902-3084
> http://www.cisco.com
_______________________________________________
Sip mailing list
https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
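The point both sides of the thread turn on is which fields RFC 4474 actually covers. The script below is an added example, not code from the thread or from any of its participants: it builds the RFC 4474 section 9 digest-string (From AoR, To AoR, Call-ID, CSeq, Date, Contact addr-spec, body), signs it, then replays the modifications Jonathan lists (Via insertion, Record-Route insertion, Request-URI retargeting) next to the SBC changes Dan is worried about (codec stripping in the SDP, From rewriting) and reports which ones the Identity signature catches. The INVITE is constructed, not a capture. One substitution is made for portability: RFC 4474 signs with RSA-SHA1 under the originating domain's certificate, and here an HMAC-SHA256 with a shared secret (`DOMAIN_KEY`) stands in for that key; the set of covered fields, and therefore the detection result, is unchanged.

```python
"""Which proxy/SBC modifications RFC 4474 Identity can and cannot detect.

ASSUMPTION: RFC 4474 uses RSA-SHA1 under the domain's certificate. To run
with the standard library only, HMAC-SHA256 over the same digest-string
stands in for the domain key. RFC 4474 covers requests only; anything done
to responses (e.g. dropping Record-Route) is entirely outside its scope.
"""
import base64
import hashlib
import hmac
import re

DOMAIN_KEY = b"example.com-signing-key"  # stand-in for the domain private key

# Constructed sample INVITE (not a real capture).
INVITE = (
    "INVITE sip:sales@company1.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP alice-pc.example.com;branch=z9hG4bK776asdhds\r\n"
    "From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "To: Sales <sip:sales@company1.example>\r\n"
    "Call-ID: a84b4c76e66710@alice-pc.example.com\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Date: Thu, 31 Jul 2008 20:23:00 GMT\r\n"
    "Contact: <sip:alice@alice-pc.example.com>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 alice-pc.example.com\r\n"
    "s=-\r\n"
    "c=IN IP4 alice-pc.example.com\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8 9\r\n"
    "a=rtpmap:9 G722/8000\r\n"
)


def parse(msg):
    """Split a request into (request-line, [(lowercased name, value)], body)."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def header(headers, name):
    return [v for n, v in headers if n == name]


def addr_spec(value):
    """'Alice <sip:alice@example.com>;tag=..' -> 'sip:alice@example.com'."""
    m = re.search(r"<([^>]+)>", value)
    return m.group(1) if m else value.split(";")[0].strip()


def digest_string(msg):
    """RFC 4474 section 9: From AoR|To AoR|Call-ID|CSeq|Date|Contact|body.
    Request-URI, Via and Record-Route are deliberately absent."""
    _, headers, body = parse(msg)
    contact = header(headers, "contact")
    return "|".join([
        addr_spec(header(headers, "from")[0]),
        addr_spec(header(headers, "to")[0]),
        header(headers, "call-id")[0],
        " ".join(header(headers, "cseq")[0].split()),  # "314159 INVITE"
        header(headers, "date")[0],
        addr_spec(contact[0]) if contact else "",
        body,
    ])


def sign(msg):
    """Identity header value (HMAC stand-in for rsa-sha1, see module doc)."""
    mac = hmac.new(DOMAIN_KEY, digest_string(msg).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def verify(msg, identity):
    return hmac.compare_digest(sign(msg), identity)


# --- modifications a proxy or SBC might make on the way -------------------

def add_via(msg, host):
    """Insert a Via for a hop that never handled the request."""
    return msg.replace("Via:", f"Via: SIP/2.0/UDP {host};branch=z9hG4bKfake\r\nVia:", 1)


def add_record_route(msg, host):
    return msg.replace("\r\nFrom:", f"\r\nRecord-Route: <sip:{host};lr>\r\nFrom:", 1)


def retarget(msg, new_ruri):
    """Rewrite the Request-URI (company 1 sales -> company 2 sales)."""
    first, _, rest = msg.partition("\r\n")
    return f"{first.split(' ')[0]} {new_ruri} SIP/2.0\r\n{rest}"


def strip_codec(msg, pt):
    """SBC removes payload type `pt` from the SDP m= line and its rtpmap."""
    head, sep, body = msg.partition("\r\n\r\n")
    out = []
    for line in body.split("\r\n"):
        if line.startswith("m="):
            f = line.split(" ")
            line = " ".join(f[:3] + [p for p in f[3:] if p != pt])
        if line.startswith(f"a=rtpmap:{pt} "):
            continue
        out.append(line)
    return head + sep + "\r\n".join(out)


def rewrite_from(msg, new_aor):
    return msg.replace("<sip:alice@example.com>", f"<{new_aor}>", 1)


def run_modifications(msg=INVITE):
    """Return {description: True if the Identity signature catches it}."""
    identity = sign(msg)
    cases = {
        "proxy inserts Via": add_via(msg, "bogus-hop.example.net"),
        "proxy inserts Record-Route": add_record_route(msg, "proxy1.example.com"),
        "proxy retargets Request-URI": retarget(msg, "sip:sales@company2.example"),
        "SBC strips G.722 from SDP": strip_codec(msg, "9"),
        "SBC rewrites From": rewrite_from(msg, "sip:mallory@example.com"),
    }
    return {name: not verify(m, identity) for name, m in cases.items()}


if __name__ == "__main__":
    for name, detected in run_modifications().items():
        print(f"{name:30s} {'DETECTED' if detected else 'not covered by Identity'}")
```

Running it shows the split the thread is arguing over: the codec strip and the From rewrite break the signature because the body and the From AoR are in the digest-string, while the Via, Record-Route and Request-URI changes verify cleanly because RFC 4474 never signs those fields at all. An SBC that only touches the latter is invisible to Identity; one that touches SDP is not.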
