[VOIPSEC] Mapping SIP networks?
Dustin D. Trammell
dtrammell at bpointsys.com
Tue Mar 25 13:46:27 CDT 2008
On Tue, 2008-03-25 at 13:31 -0500, Dustin D. Trammell wrote:
> On Tue, 2008-03-25 at 13:32 -0400, Shawn Merdinger wrote:
> > I'm wondering what techniques and tools folks are using to map SIP
> > networks to determine the routes signaling and media streams are
> > taking from a SIP user agent.
>
> The tools you already mentioned should be fairly accurate for tracing
> the media stream since that's generally point to point over the
> lower-layer transport (TCP/UDP), however I think what would likely be
> more accurate for signaling would be to script up a "SIP Traceroute"
> using the Max-Forwards header[1]. By repeatedly sending the SIP request
> that you want to trace with an incrementing Max-Forwards value, you
> should get a 483 (too many hops) message back from each hop in the route
> until you get the expected response from the final destination.
>
> [1] http://www.faqs.org/rfcs/rfc3261.html Section 8.1.1.6
I just found this document which focuses on using 483 responses to
diagnose SIP routing problems and such. The draft indicates that there
isn't enough information in the standard 483 response to diagnose
routing loops and things of that nature, so you may not be able to use
this method after all. It looks like the biggest problem is that the
403 doesn't contain any indication of what server returned the error:
http://tools.ietf.org/html/draft-ietf-sip-hop-limit-diagnostics-03
--
Dustin D. Trammell
Security Researcher
BreakingPoint Systems, Inc.
More information about the Voipsec
mailing list