Hi Jonathan,

Thank you very much for your comments.

On Sat, Mar 14, 2009 at 1:38 PM, Jonathan Rosenberg <[email protected]> wrote:
> Firstly, it seems that the easiest solution is just 'use tcp'. This is one
> of many reasons (and growing) why we need to be pushing implementations to
> tcp.

Absolutely, or even better, [D]TLS. The problem is that, in reality, UDP is not going away overnight. We're far more likely to get vendors to add a mechanism that doesn't cost too much in terms of implementation than to expect everyone to stop using UDP.

> Secondly, if you want to do this for UDP, you could instead use anonymous
> authentication. Then, the existing nonce takes on the role of a cookie. I
> suspect that anonymous authentication is not widely implemented, but neither
> is a new protocol. That said, I think the right answer still is 'use tcp'.

I did consider that. The problem then is that it requires end-to-end support, whereas this is hop-by-hop, and as such doesn't have HERFP problems or require every endpoint to upgrade - only the hops that talk to public servers. Via cookies also work over multiple hops, whereas anonymous authentication would require a request per hop, each request getting one hop further. This could be very expensive in both network load and call setup time.

> Finally, the media portion of this attack, as you point out, is far more
> disruptive. That attack does not require spoofing even; just listing the IP
> address/port of the target in the SDP of the INVITE. We were calling this
> the 'voice hammer' attack, originally documented here:
>
> http://tools.ietf.org/html/draft-rosenberg-mmusic-rtp-denialofservice-00

Excellent. I'd not come across that before. I'll have a read tonight.

> and described in Section 18.5.1 of ICE. The via cookie mechanism you
> propose, SIP-over-TCP, or anonymous authentication, none of them fix this
> attack.

Indeed - I wanted to solve the signalling side before I moved onto the (albeit more serious) media problem.

> AFAIK, ICE is the only remedy.

Yes, I came to the same conclusion; it's a shame that an ICE lite implementation wouldn't itself fix it. (Could it? :-))

There is also the problem of targeting a dialog at the victim (think SUBSCRIBE with Contact of the victim), which is the 3rd issue.

~ Theo

_______________________________________________
Sip mailing list
https://www.ietf.org/mailman/listinfo/sip
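For readers who want to see the signalling-side idea in the thread concretely, here is an added example (not code from the thread, the draft, or any SIP implementation) of a stateless return-routability cookie for SIP over UDP: a server that receives a request without a cookie answers only with a cheap challenge carrying an HMAC over the UDP source address and a time bucket, and does real work only once the sender echoes that cookie back in its Via. A spoofed source address never sees the challenge, so it can never produce a valid cookie, and the server keeps no per-request state. Everything concrete below is an assumption for illustration: the Via parameter name `cookie`, the tuple-shaped "challenge"/"accept"/"reject" outcome standing in for whatever response would carry the cookie, the 60-second window, and the constructed INVITE messages and addresses.

```python
"""Return-routability ("Via cookie") check for SIP over UDP.

Illustration only: the cookie parameter name, the challenge shape, the
validity window and the messages below are assumptions, not the mechanism
from any draft or product.
"""
import hashlib
import hmac
import time

BUCKET_SECONDS = 60       # assumed validity window; previous bucket also accepted
COOKIE_PARAM = "cookie"   # assumed Via parameter name (illustration only)


def cookie_for(secret: bytes, src_ip: str, src_port: int, bucket: int) -> str:
    """Stateless cookie: HMAC over the UDP source address and a time bucket.

    Nothing is stored per request, so a flood of spoofed packets cannot
    exhaust server state, and only a host that actually receives packets
    sent to src_ip:src_port can learn the value.
    """
    msg = f"{src_ip}:{src_port}:{bucket}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:32]


def verify_cookie(secret: bytes, src_ip: str, src_port: int, cookie: str, now: float) -> bool:
    bucket = int(now // BUCKET_SECONDS)
    ok = False
    for b in (bucket, bucket - 1):  # tolerate a bucket rollover mid-exchange
        if hmac.compare_digest(cookie_for(secret, src_ip, src_port, b), cookie):
            ok = True
    return ok


def top_via_cookie(request: str):
    """Return the cookie parameter of the topmost Via header, or None."""
    for line in request.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("via", "v"):
            for param in value.split(";")[1:]:
                key, _, val = param.strip().partition("=")
                if key == COOKIE_PARAM:
                    return val
            return None  # topmost Via carried no cookie
    return None


def handle_request(secret: bytes, request: str, src_ip: str, src_port: int, now=None):
    """Server-side decision for one UDP datagram from (src_ip, src_port)."""
    now = time.time() if now is None else now
    cookie = top_via_cookie(request)
    if cookie is None:
        # Cheap, stateless challenge sent to the *claimed* source; a spoofer never sees it.
        return ("challenge", cookie_for(secret, src_ip, src_port, int(now // BUCKET_SECONDS)))
    if not verify_cookie(secret, src_ip, src_port, cookie, now):
        return ("reject", None)
    return ("accept", None)  # only now do forwarding / real processing


def build_invite(via_host: str, via_port: int, cookie=None) -> str:
    """Constructed INVITE (not captured traffic) with an optional cookie in its Via."""
    via = f"Via: SIP/2.0/UDP {via_host}:{via_port};branch=z9hG4bKexample"
    if cookie is not None:
        via += f";{COOKIE_PARAM}={cookie}"
    return "\r\n".join([
        "INVITE sip:bob@proxy.example.net SIP/2.0",
        via,
        "From: <sip:alice@example.com>;tag=1",
        "To: <sip:bob@proxy.example.net>",
        "Call-ID: constructed-example",
        "CSeq: 1 INVITE",
        "Content-Length: 0",
        "", "",
    ])


def demo(secret: bytes, now: float = 1_700_000_000.0) -> dict:
    victim, client, attacker = ("203.0.113.9", 5060), ("198.51.100.7", 5060), ("192.0.2.66", 5060)
    # 1. Attacker spoofs the victim's address: server emits only a small challenge
    #    addressed to the victim and forwards nothing.
    spoofed = handle_request(secret, build_invite(*victim), *victim, now)
    # 2. Legitimate client receives the challenge and echoes the cookie.
    _, c = handle_request(secret, build_invite(*client), *client, now)
    legit = handle_request(secret, build_invite(*client, cookie=c), *client, now + 5)
    # 3. Attacker obtains a cookie for its own address and replays it while spoofing the victim.
    _, c_att = handle_request(secret, build_invite(*attacker), *attacker, now)
    forged = handle_request(secret, build_invite(*victim, cookie=c_att), *victim, now)
    # 4. Cookie from three buckets ago is outside the accepted window.
    stale = handle_request(secret, build_invite(*client, cookie=c), *client, now + 3 * BUCKET_SECONDS)
    return {"spoofed": spoofed[0], "legit": legit[0], "forged": forged[0], "stale": stale[0]}


if __name__ == "__main__":
    print(demo(b"replace-with-random-server-secret"))
```

Because the cookie binds only the previous hop's source address, each proxy can issue and verify its own cookie on the Via it adds, which is what makes the check hop-by-hop rather than something every endpoint must support. Note, as the thread says, that this does nothing for the media-side problem: the SDP can still name a victim's address, and only a connectivity check such as ICE's addresses that.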
