Re: [Sip] draft-state-sip-relay-attack-00
Jan Janak <jan@ryngle.com> Sat, 07 March 2009 19:50 UTC
Return-Path: <jan@ryngle.com>
X-Original-To: sip@core3.amsl.com
Delivered-To: sip@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2BB6D28C1B4 for <sip@core3.amsl.com>; Sat, 7 Mar 2009 11:50:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4kr1AuiUqaST for <sip@core3.amsl.com>; Sat, 7 Mar 2009 11:50:17 -0800 (PST)
Received: from mail-bw0-f178.google.com (mail-bw0-f178.google.com [209.85.218.178]) by core3.amsl.com (Postfix) with ESMTP id 9338D28C1B1 for <sip@ietf.org>; Sat, 7 Mar 2009 11:50:16 -0800 (PST)
Received: by bwz26 with SMTP id 26so748241bwz.37 for <sip@ietf.org>; Sat, 07 Mar 2009 11:50:47 -0800 (PST)
Received: by 10.103.249.19 with SMTP id b19mr1726730mus.86.1236455447490; Sat, 07 Mar 2009 11:50:47 -0800 (PST)
Received: from x61s.janakj (r9ea97.net.upc.cz [78.102.130.97]) by mx.google.com with ESMTPS id 14sm4267249muo.20.2009.03.07.11.50.46 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 07 Mar 2009 11:50:46 -0800 (PST)
Received: by x61s.janakj (Postfix, from userid 1000) id 60A324403F8; Sat, 7 Mar 2009 20:50:45 +0100 (CET)
Date: Sat, 07 Mar 2009 20:50:45 +0100
From: Jan Janak <jan@ryngle.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>
Message-ID: <20090307195045.GC4364@x61s.janakj.ryngle.net>
References: <49AE593F.6080807@iptel.org> <0a8001c99d0f$0b21e210$c2f0200a@cisco.com> <49AF9FC8.2020200@iptel.org> <E6C2E8958BA59A4FB960963D475F7AC314C46BD96D@mail>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <E6C2E8958BA59A4FB960963D475F7AC314C46BD96D@mail>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: "sip@ietf.org" <sip@ietf.org>, Dan Wing <dwing@cisco.com>
Subject: Re: [Sip] draft-state-sip-relay-attack-00
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sip>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Mar 2009 19:50:19 -0000
On 05-03 11:33, Hadriel Kaplan wrote: > > > > -----Original Message----- > > From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of > > Raphael Coeffic > > Sent: Thursday, March 05, 2009 4:48 AM > > > > The second difference is that it works > > right now with any publicly reachable SIP provider. > > I think I know what you mean by this statement, but maybe I don't. I think you mean it "works" right now only on a publicly reachable SIP provider that accepts INVITE requests from non-Registered Contacts. No? Or do you mean you've done testing of all publicly reachable SIP providers and found this to be an issue for all of them, right now? I am not sure I understand how accepting/not-accepting INVITEs from non-registered contacts makes it different, could you elaborate? Roughly, as long as the attacker can establish a call with the victim and make him/her respond to 407 within the session (for example by forcing the UA to generate a re-INVITE), the attacker can get access to the victims credentials. In some cases (if the victim UA is only reachable through a proxy and the proxy removes its own credentials), the attacker would not be able to get the credentials for that proxy, but might be able to get credentials for another domain if the victim's UA is configured with multiple sets of credentials. I don't want to put words in Raphael's mouth, but he probably mentioned publicly reachable SIP providers because they typically place no restrictions on incoming calls for their users and thus this kind of attack can be easily tried with them. > And this is not to say the attack isn't interesting, or that publicly > reachable SIP providers actually *use* such security policies. I've been > surprised before about how some of them don't actually employ the security > mechanisms they have at their disposal. But not using available mechanisms > is very different from not having a way to do them. Yes, I agree, in this case it would be interesting to know how many of them actually remove used digest credentials before they forward SIP requests. Jan.
- Re: [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00 Michael Procter
- Re: [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00 Dan Wing
- Re: [Sip] draft-state-sip-relay-attack-00 Theo Zourzouvillys
- Re: [Sip] draft-state-sip-relay-attack-00 Jan Janak
- Re: [Sip] draft-state-sip-relay-attack-00 Michael Procter
- Re: [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00 Nils Ohlmeier
- Re: [Sip] draft-state-sip-relay-attack-00 Theo Zourzouvillys
- Re: [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00 Dan Wing
- Re: [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00 Theo Zourzouvillys
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Theo Zourzouvillys
- Re: [Sip] draft-state-sip-relay-attack-00 Dale Worley
- Re: [Sip] draft-state-sip-relay-attack-00 Nils Ohlmeier
- Re: [Sip] draft-state-sip-relay-attack-00 Theo Zourzouvillys
- Re: [Sip] draft-state-sip-relay-attack-00 Nils Ohlmeier
- Re: [Sip] draft-state-sip-relay-attack-00 Jan Janak
- Re: [Sip] draft-state-sip-relay-attack-00 Jan Janak
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Jan Janak
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Victor Pascual Ávila
- Re: [Sip] draft-state-sip-relay-attack-00 Theo Zourzouvillys
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Nils Ohlmeier
- Re: [Sip] draft-state-sip-relay-attack-00 Theo Zourzouvillys
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00 Nils Ohlmeier
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00 Scott Lawrence
- Re: [Sip] draft-state-sip-relay-attack-00 Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00 Nils Ohlmeier
- Re: [Sip] draft-state-sip-relay-attack-00 Victor Pascual Ávila
- Re: [Sip] draft-state-sip-relay-attack-00 Nils Ohlmeier
- Re: [Sip] draft-state-sip-relay-attack-00 Jonathan Rosenberg
- Re: [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00 Jonathan Rosenberg
- Re: [Sip] draft-state-sip-relay-attack-00 Nils Ohlmeier
- Re: [Sip] draft-state-sip-relay-attack-00 Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00 Victor Pascual Ávila
- Re: [Sip] draft-state-sip-relay-attack-00 Jiri Kuthan