[VOIPSEC] VoIP Attack : How feasible
Dan Wing
dwing at cisco.com
Tue Jul 25 13:54:16 CDT 2006
> Dan Wing writes:
> > > The I-CSCF/Routing proxy has to be told that each of the
> > > clients moved to another edge proxy.
>
> > That is necessary whenever a P-CSCF (edge proxy) dies,
> > unless the "new" P-CSCF assumes the now-dead P-CSCF's
> > identity (IP address).
>
> Thanks! That was the missing piece of the puzzle for me. To
> make this so it doesn't trash the core network with work on
> a failure, Host2 takes over Host1's core-facing identity. I
> failed to extract that bit of information from the draft.
The draft doesn't care much about what happens on the core
side -- it is only trying to establish a standard for the
connection between the UA and its edge proxy/proxies.
> I'm much happier now.
:-)
-d
> Geoff
>
> -----Original Message-----
> From: Dan Wing [mailto:dwing at cisco.com]
> Sent: Tuesday, July 25, 2006 1:42 PM
> To: Geoff Devine; 'DePietro, John'; 'Pankaj Shroff'
> Cc: Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] VoIP Attack : How feasible
>
> > Doesn't this approach just create a registration storm when
> there is a
> > failure?
>
> No, you're registered at both proxies all the time. See section 3
> of the Internet Draft. It has a beautiful ASCII diagram:
>
> +-------------------+
> | Domain |
> | Logical Proxy/Reg |
> | |
> |+-----+ +-----+|
> ||Host1| |Host2||
> |+-----+ +-----+|
> +---\------------/--+
> \ /
> \ /
> \ /
> \ /
> +------+
> | User |
> | Agent|
> +------+
>
> > The I-CSCF/Routing proxy has to be told that each of the
> > clients moved to another edge proxy.
>
> That is necessary whenever a P-CSCF (edge proxy) dies, unless
> the "new" P-CSCF assumes the now-dead P-CSCF's identity (IP
> address). That can still be done with the scheme described
> in sip-outbound.
>
> -d
More information about the Voipsec
mailing list