On 06.03.2009 at 20:41, Dale Worley wrote:
On Thu, 2009-03-05 at 14:40 +0100, Nils Ohlmeier wrote:
One thing which is not that obvious but is implicitly a requirement for the
attack: the proxies have to challenge in-dialog requests. I do not see a
big benefit in challenging in-dialog requests as these are hopefully
rejected by the remote side if no matching dialog exists. If the UA would
know that his proxy does not challenge in-dialog requests it could simply
ignore the challenge :-)

Except that there are legitimate uses for challenging in-dialog
requests:  sipX uses it to allow a phone to transfer a caller to any
destination that the executing phone has permission to call.  The first
step of this process is that when the executing phone sends a REFER, the
proxy challenges the REFER so that the executing phone attaches its
credentials to the REFER.  The proxy then analyzes these credentials to
determine the user that is responsible for the transfer operation, etc.
Without the in-dialog challenge, there is no way for the proxy to
determine the user that is responsible for transfer operation.

Good point. Except that a REFER is not relevant for this replay attack. So I would re-phrase it: I do not see a big benefit in challenging in-dialog INVITE requests. :-)

Greetings
  Nils
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip
