Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"

Iñaki Baz Castillo Sat, 01 Nov 2008 05:58:21 -0700

El Viernes, 31 de Octubre de 2008, Dean Willis escribió:

> Now, from a security perspective: Who's done the analysis on whether
> DERIVE introduces new attack opportunities?
>
> For example, is there a DOS opportunity in using the home proxy as a
> message-exploder for source-forged SUBSCRIBE requests? Seems like thre
> might be a problem there . . .


Do you mean something as:

  attacker              alice                 bob (victim)
  INVITE (From: bob) ----->
                        SUBSCRIBE ------------->
  INVITE (From: bob) ----->
                        SUBSCRIBE ------------->
  INVITE (From: bob) ----->
                        SUBSCRIBE ------------->
  INVITE (From: bob) ----->
                        SUBSCRIBE ------------->

?


-- 
Iñaki Baz Castillo
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip

Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"

Reply via email to