Theo,

Thanks for writing this up.

A few comments.

Firstly, it seems that the easiest solution is just 'use tcp'. This is
one of many reasons (and growing) why we need to be pushing
implementations to tcp.

Secondly, if you want to do this for UDP, you could instead use
anonymous authentication. Then, the existing nonce takes on the role of
a cookie. I suspect that anonymous authentication is not widely
implemented, but neither is a new protocol. That said, I think the right
answer still is 'use tcp'.

Finally, the media portion of this attack, as you point out, is far more
disruptive. That attack does not require spoofing even; just listing the
IP address/port of the target in the SDP of the INVITE. We were calling
this the 'voice hammer' attack, originally documented here:
http://tools.ietf.org/html/draft-rosenberg-mmusic-rtp-denialofservice-00
and described in Section 18.5.1 of ICE. The via cookie mechanism you
propose, SIP-over-TCP, or anonymous authentication, none of them fix
this attack. AFAIK, ICE is the only remedy.
-Jonathan R.
--
Jonathan D. Rosenberg, Ph.D.
Cisco Fellow
Cisco, Voice Technology Group
111 Wood Avenue South
Iselin, NJ 08830
[email protected]
PHONE: (408) 902-3084
http://www.jdrosen.net
http://www.cisco.com
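As an added example, not part of Jonathan's message or any IETF code: a small Python check a SIP proxy or monitoring tool could apply to an incoming INVITE, flagging SDP media destinations that differ from the address the INVITE actually arrived from (the 'voice hammer' pattern described above). It assumes the caller already knows the transport source address of the request; it is a detection heuristic, not the ICE remedy the message names, since NATed or media-relayed endpoints also mismatch.

```python
import ipaddress

# Constructed sample: an INVITE whose SDP asks media to be sent to a third
# party's address (no spoofing, just a victim IP/port in the SDP).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 203.0.113.7\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

def media_targets(sdp):
    """(address, port) pairs the SDP directs media to.  A session-level c=
    applies to every m= line; a c= after an m= line overrides it for that stream."""
    session_addr, targets = None, []
    for line in sdp.splitlines():
        if line.startswith("c=IN "):
            addr = line.split()[2]
            if targets:
                targets[-1][0] = addr          # media-level c= for the last m=
            else:
                session_addr = addr
        elif line.startswith("m="):
            port = int(line.split()[1].split("/")[0])   # "49170" or "49170/2"
            targets.append([session_addr, port])
    return [(a, p) for a, p in targets]

def suspicious_media(message, signaling_src):
    """Media destinations that do not match the address the INVITE came from.
    Heuristic only: a hit is a reason to investigate or rate-limit, not proof."""
    _, _, sdp = message.partition("\r\n\r\n")
    src = ipaddress.ip_address(signaling_src)
    flagged = []
    for addr, port in media_targets(sdp):
        if addr is None or port == 0:          # port 0 means the stream is disabled
            continue
        try:
            if ipaddress.ip_address(addr) != src:
                flagged.append((addr, port))
        except ValueError:                     # hostname or junk in c=: cannot verify
            flagged.append((addr, port))
    return flagged
```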
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip