[VOIPSEC] RE: Preventing rogue RTP streams
Christopher A. Martin
chris at infravast.com
Thu May 19 19:22:11 CDT 2005
As long as the SIP firewall Proxy (SFP) or SIP firewall ALG (SFA) is
providing a strong policy that has both the source and destination, this
is lower risk, except in the case of spoofing, which would be a useful
attack against voice mail systems. In any event, though, as long as the
firewall is dynamically allocating the ports and src/dst policies, this
is also a short window of opportunity for such an attack, requiring
knowledge of an open attack vector.
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Geoff Devine
Sent: Thursday, May 19, 2005 6:37 AM
To: Voipsec at voipsa.org
Subject: [VOIPSEC] RE: Preventing rogue RTP streams
If you don't have a network device between the two endpoints to perform
admission control, there is no way to prevent this condition. In
theory, a SIP-aware NAT/Firewall device could shut the pin hole for the
RTP stream when it sees a SIP BYE. In this case, the admission control
is done by your home or corporate NAT/Firewall instead of an SBC. Of
course, this only works if you are signaling in the clear. As soon as
you turn on SIP encryption, you're out of luck.
Geoff
________________________________
From: "Nhut Nguyen" <nnguyen at sta.samsung.com>
Subject: [VOIPSEC] Preventing rogue RTP streams
Hello everyone!
Since in SIP RTP packets are sent end-to-end, how can one prevent SIP
endpoints from sending RTP packets after a session was closed? I know that
SBCs handle this issue but am wondering if there are any other
solutions. Any pointers?
Thanks!
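
The pinhole handling discussed in this thread (open the RTP path from the SDP seen in the signalling, with a source/destination policy, and shut it on BYE), as an added Python example that is not from any poster or product. The class, method names and SIP messages are constructed; it assumes cleartext SIP and matches on source IP, destination IP and destination port only.

```python
import re

# Constructed SIP messages (not captured traffic); IPs are documentation ranges.
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\nCall-ID: c1@example.com\r\n\r\n"
          "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 49170 RTP/AVP 0\r\n")
OK_200 = ("SIP/2.0 200 OK\r\nCall-ID: c1@example.com\r\nCSeq: 1 INVITE\r\n\r\n"
          "v=0\r\nc=IN IP4 198.51.100.20\r\nm=audio 3456 RTP/AVP 0\r\n")
BYE = "BYE sip:bob@example.com SIP/2.0\r\nCall-ID: c1@example.com\r\n\r\n"


class PinholeTable:
    """Hypothetical model of a SIP-aware firewall's dynamic RTP policy."""

    def __init__(self):
        self.offers = {}    # Call-ID -> (ip, port) taken from the INVITE's SDP
        self.pinholes = {}  # Call-ID -> set of (src_ip, dst_ip, dst_port) rules

    @staticmethod
    def _media(msg):
        # Pull the connection address and audio port out of the SDP body.
        c = re.search(r"^c=IN IP4 (\S+)", msg, re.M)
        m = re.search(r"^m=audio (\d+) ", msg, re.M)
        return (c.group(1), int(m.group(1))) if c and m else None

    def on_sip(self, msg):
        first = msg.split("\r\n", 1)[0]
        cid = re.search(r"^Call-ID:\s*(\S+)", msg, re.M | re.I)
        if not cid:
            return
        cid, media = cid.group(1), self._media(msg)
        if first.startswith("INVITE ") and media:
            self.offers[cid] = media
        elif first.startswith("SIP/2.0 200") and media and cid in self.offers:
            a, b = self.offers.pop(cid), media
            # One rule per direction, each pinned to both source and destination.
            self.pinholes[cid] = {(a[0], b[0], b[1]), (b[0], a[0], a[1])}
        elif first.startswith("BYE "):
            # Session closed: shut the pinhole so later RTP is dropped.
            self.offers.pop(cid, None)
            self.pinholes.pop(cid, None)

    def allow_rtp(self, src_ip, dst_ip, dst_port):
        # Address-only match: a packet with a spoofed matching source still
        # passes while the pinhole is open, which is the residual risk noted above.
        key = (src_ip, dst_ip, dst_port)
        return any(key in rules for rules in self.pinholes.values())
```

If the signalling is encrypted, `on_sip` never sees the SDP or the BYE, so the table can neither open nor close anything.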