IETF Logo Mail Archive

Re: [Sip] draft-state-sip-relay-attack-00

Hadriel Kaplan <HKaplan@acmepacket.com> Sat, 07 March 2009 19:51 UTC

Return-Path: <HKaplan@acmepacket.com>
X-Original-To: sip@core3.amsl.com
Delivered-To: sip@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F221128C1C1 for <sip@core3.amsl.com>; Sat, 7 Mar 2009 11:51:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.523
X-Spam-Level:
X-Spam-Status: No, score=-2.523 tagged_above=-999 required=5 tests=[AWL=0.076, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7W9F3WYzJ1Te for <sip@core3.amsl.com>; Sat, 7 Mar 2009 11:51:27 -0800 (PST)
Received: from etmail.acmepacket.com (etmail.acmepacket.com [216.41.24.6]) by core3.amsl.com (Postfix) with ESMTP id 1A50628C1B1 for <sip@ietf.org>; Sat, 7 Mar 2009 11:51:27 -0800 (PST)
Received: from mail.acmepacket.com (216.41.24.7) by etmail.acmepacket.com (216.41.24.6) with Microsoft SMTP Server (TLS) id 8.1.291.1; Sat, 7 Mar 2009 14:51:58 -0500
Received: from mail.acmepacket.com ([127.0.0.1]) by mail ([127.0.0.1]) with mapi; Sat, 7 Mar 2009 14:51:56 -0500
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Jan Janak <jan@ryngle.com>, Theo Zourzouvillys <theo@crazygreek.co.uk>
Date: Sat, 07 Mar 2009 14:51:54 -0500
Thread-Topic: [Sip] draft-state-sip-relay-attack-00
Thread-Index: AcmfWEPUSoOsIsl/SCOKhQ2+t4Po8wAAVFng
Message-ID: <E6C2E8958BA59A4FB960963D475F7AC314C4DE6298@mail>
References: <49AE593F.6080807@iptel.org> <167dfb9b0903050631r383fdb28x75c964a48e31ea3b@mail.gmail.com> <20090307190922.GB4364@x61s.janakj.ryngle.net>
In-Reply-To: <20090307190922.GB4364@x61s.janakj.ryngle.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "sip@ietf.org" <sip@ietf.org>
Subject: Re: [Sip] draft-state-sip-relay-attack-00
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2009 19:51:28 -0000

Another question is whether an attacker can create special nonce's for one or more challenges it sends, that will help it figure out the password.  For example can they help a rainbow-table type of password cracking, and how much the cnonce can prevent that.

-hadriel

> -----Original Message-----
> From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of Jan
> Janak
> Sent: Saturday, March 07, 2009 2:09 PM
>
> On 05-03 14:31, Theo Zourzouvillys wrote:
> > However, you don't cover the more interesting cases of multi-hop proxy
> > authentication or end-to-end WWW authentication: these are the harder
> > ones to deal with, and may result in some "real" issues in SIP itself
> > rather than shoddy implementations and insecure proxies.
>
> Yes, after reading the discussion here I agree, perhaps the next revision
> of
> the ID (if there is going to be any) should describe more difficult cases,
> such as multi-hop authentication and challenging proxies reachable through
> one
> common proxy. These are much harder cases to deal with.
>
>    Jan.
> _______________________________________________
> Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip

v2.23.0 | Report a Bug | By Email