Dan Wing wrote:
Thanks for publishing that attack. It has similarities with the attack
described by Hadriel in
http://tools.ietf.org/html/draft-kaplan-sip-baiting-attack.
Yes, it also modifies part of the request which are not signed by the
authentication/signature algorithm. I should mention this draft in a
later version.
However, the goal is not the same. Hadriel's draft is focused on
impersonation, whereby the other draft is focused on breaking the
authentication done at the proxy. The second difference is that it works
right now with any publicly reachable SIP provider.
Raphael.
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip
