> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Theo
> Zourzouvillys
> Sent: Thursday, March 05, 2009 9:31 AM
>
> The only issue I see is in fig 3, how to identify a next hop is
> actually proxy.com and not bob, as a proxy will commonly RR with a URI
> such as node-01.proxy.com instead of proxy.com, or even use an IP
> address in it.  ...  The second way is
> to always send requests to proxy.com (i.e., using outbound), even in
> dialog ones (and indeed many UAs have a "send in-dialog requests via
> outbound proxy" option, which makes this attack go away) - although
> this might break some broken SBCs out there that SPs deploy today.

Ummm... in what way?  The SBC *is* the outbound proxy.  And figure-3 isn't
possible since clearly SBCs remove Alice's Via and Contact URIs, such that
Bob won't know how to bypass the SBC to reach Alice.  And if the SBC doesn't do
that, then you're right it's broken, and technically not an SBC but more like a
3GPP P-CSCF.  (And I have heard some "SBCs" are really inline as ALGs, but
the ALG model is known to be broken in real-world SIP use)

-hadriel
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip
