[VOIPSEC] VoIP Attack : How feasible
Geoff Devine
gdevine at cedarpointcom.com
Tue Jul 25 12:55:51 CDT 2006
Dan Wing writes:
> > The I-CSCF/Routing proxy has to be told that each of the
> > clients moved to another edge proxy.
> That is necessary whenever a P-CSCF (edge proxy) dies,
> unless the "new" P-CSCF assumes the now-dead P-CSCF's
> identity (IP address).
Thanks! That was the missing piece of the puzzle for me. To make this
so it doesn't trash the core network with work on a failure, Host2 takes
over Host1's core-facing identity. I failed to extract that bit of
information from the draft.
I'm much happier now.
Geoff
-----Original Message-----
From: Dan Wing [mailto:dwing at cisco.com]
Sent: Tuesday, July 25, 2006 1:42 PM
To: Geoff Devine; 'DePietro, John'; 'Pankaj Shroff'
Cc: Voipsec at voipsa.org
Subject: RE: [VOIPSEC] VoIP Attack : How feasible
> Doesn't this approach just create a registration storm when there is a
> failure?
No, you're registered at both proxies all the time. See section 3
of the Internet Draft. It has a beautiful ASCII diagram:
+-------------------+
| Domain |
| Logical Proxy/Reg |
| |
|+-----+ +-----+|
||Host1| |Host2||
|+-----+ +-----+|
+---\------------/--+
\ /
\ /
\ /
\ /
+------+
| User |
| Agent|
+------+
> The I-CSCF/Routing proxy has to be told that each of the
> clients moved to another edge proxy.
That is necessary whenever a P-CSCF (edge proxy) dies, unless
the "new" P-CSCF assumes the now-dead P-CSCF's identity (IP
address). That can still be done with the scheme described
in sip-outbound.
-d
More information about the Voipsec
mailing list