[VOIPSEC] Spoof of IP address within a (large) domain
Desai, Ashish
Ashish.Desai at fmr.com
Thu Mar 24 15:15:50 GMT 2005
Being able to use spoofed IPaddress in a TCP connection is pretty
hard these days as you have to be able to predict sequence numbers.
So if you make your SIP stack only allow TCP, you significantly reduce
the spoofing problem.
Ashish
Fidelity E-Business
Info Security
> -----Original Message-----
> From: Chris Calabrese [mailto:chris_calabrese at medco.com]
> Sent: Thursday, March 24, 2005 9:02 AM
> Cc: 'VoipSec'
> Subject: Re: [VOIPSEC] Spoof of IP address within a (large) domain
>
> IP addresses are easily spoofed on most networks, and even
> MAC addresses
> are spoofable.
>
> The SIP RFC specifically states (at least the older version
> that I read)
> that you must use IPSec if you expect any level of confidentiality or
> integrity.
>
> Therefore, to start a possible flame war, any claim of
> security without
> using IPSec (or possibly some equivalent) is false.
More information about the Voipsec
mailing list