Re: [Sip] draft-state-sip-relay-attack-00

"Dale Worley" <dworley@nortel.com> Fri, 06 March 2009 19:41 UTC

On Thu, 2009-03-05 at 14:40 +0100, Nils Ohlmeier wrote:
> One thing which is not that obvious but is implicitly a requirement for the
> attack: the proxies have to challenge in-dialog requests. I do not see a
> big benefit in challenging in-dialog requests as these are hopefully
> rejected by the remote side if no matching dialog exists. If the UA would
> know that his proxy does not challenge in-dialog requests it could simply
> ignore the challenge :-)

Except that there are legitimate uses for challenging in-dialog
requests:  sipX uses it to allow a phone to transfer a caller to any
destination that the executing phone has permission to call.  The first
step of this process is that when the executing phone sends a REFER, the
proxy challenges the REFER so that the executing phone attaches its
credentials to the REFER.  The proxy then analyzes these credentials to
determine the user that is responsible for the transfer operation, etc.
Without the in-dialog challenge, there is no way for the proxy to
determine the user that is responsible for the transfer operation.

Dale
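
The challenge-then-attribute step described in the message above, as an added example that is not part of the original e-mail and is not sipX code: a proxy-side handler that challenges an in-dialog REFER and, once credentials arrive, checks them and returns the user responsible for the transfer. It assumes RFC 2617 Digest with MD5 and no qop; the realm, user, password and function names are constructed for illustration.

```python
import hashlib, hmac, re, secrets

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

REALM = "example.invalid"   # constructed realm
# Constructed credential store: user -> HA1 = MD5(user:realm:password)
HA1 = {"alice": md5_hex(f"alice:{REALM}:constructed-password")}
issued_nonces = set()       # nonces this proxy has handed out and not yet seen used

def parse_digest(value):
    """Parse 'Digest k="v", k2=v2' into a dict with lower-cased keys."""
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {k.lower(): quoted or bare for k, quoted, bare in pairs}

def digest_response(ha1, nonce, method, uri):
    # RFC 2617 without qop: MD5(HA1:nonce:MD5(method:digest-uri))
    return md5_hex(f"{ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")

def handle_in_dialog_refer(request_uri, headers):
    """Return (407, challenge headers), (200, responsible user) or (403, None)."""
    cred = headers.get("Proxy-Authorization")
    if cred is None:
        # No credentials yet: challenge the REFER so the phone re-sends it signed.
        nonce = secrets.token_hex(16)
        issued_nonces.add(nonce)
        return 407, {"Proxy-Authenticate":
                     f'Digest realm="{REALM}", nonce="{nonce}", algorithm=MD5'}
    try:
        p = parse_digest(cred)
    except ValueError:
        return 403, None
    ha1 = HA1.get(p.get("username", ""))
    # Credentials must be for our realm, a nonce we issued, and this Request-URI.
    if (ha1 is None or p.get("realm") != REALM
            or p.get("nonce") not in issued_nonces
            or p.get("uri") != request_uri):
        return 403, None
    expected = digest_response(ha1, p["nonce"], "REFER", request_uri)
    if not hmac.compare_digest(expected.encode(), p.get("response", "").encode()):
        return 403, None   # simplified: reject rather than re-challenge
    issued_nonces.discard(p["nonce"])   # single use, so a captured REFER cannot be replayed
    return 200, p["username"]
```

Because the expected response is computed with the method fixed to REFER and the proxy's own view of the Request-URI, a response the phone computed for a different method or target does not verify here.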