[VOIPSEC] Anyone aware of public disclosures of security incidents related to SIP trunks?
Victor Pascual Avila
victor.pascual.avila at gmail.com
Thu Dec 24 02:36:29 CST 2009
Hi,
On Thu, Dec 24, 2009 at 1:18 AM, ed guy <edguy at emcsw.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/22/09 6:09 AM, J. Oquendo wrote:
>>
>>> DY> Right. An attacker could potentially spoof the IP and trigger
>> many SIP INVITES, but would not be able to receive the return traffic
>> and launch the actual call.
>>
> Dan,
>
> This threat is one of the reasons why sip identity (rfc 4474) is
> available for asterisk
> and openser/kamilio. With the right configuration, it allows you set
> control access
> without significantly impacting Post Dial Delay. e.g., after the
> identity is authenticated,
> one can make admittance decisions based on the identity or signer.
For the sake of completeness:
http://tools.ietf.org/html/draft-elwell-sip-e2e-identity-important-03#section-3.5
"The reason SIP Identity does not work in common situations is that
B2BUAs, and in particular Session Border Controllers (SBCs), have
reasons to change some parts of the signed information when forwarding
a SIP request, thus breaking the signature."
Cheers,
--
Victor Pascual Ávila
More information about the Voipsec
mailing list