Re: [Speermint] FW: I-D Action:draft-niccolini-speermint-voipthreats-03.txt
Dan York <dyork@voxeo.com> Mon, 25 February 2008 14:07 UTC
Message-Id: <384253AE-20F6-41A2-B540-0CA3CA2AE2BB@voxeo.com>
From: Dan York <dyork@voxeo.com>
Date: Mon, 25 Feb 2008 09:05:29 -0500
To: Saverio Niccolini <Saverio.Niccolini@nw.neclab.eu>
Cc: speermint@ietf.org
Subject: Re: [Speermint] FW: I-D Action:draft-niccolini-speermint-voipthreats-03.txt
Saverio,

The document looks quite good. On behalf of VOIPSA, I'll say again thanks for the mention of the Threat Taxonomy. (I know I've said this to you personally in the past but also want to do so publicly.)

A couple of minor nits, mostly related to formatting:

- In sections 2.1.x and 2.2.1-2, you list out individual attacks as bullet items. In section 2.2.3, you mention several attacks but do not list them as bullet items. For the sake of consistency you might want to consider doing so.

- Sections 2.1.1 and 2.2.1 do not have introductory sentences but purely include bullets. I don't know if you care about being consistent with the other sections.

- In section 2.2.3, there is a missing "the" in the first sentence: "The LF can be THE object of DoS attacks."

- In section 2.3 there are a couple of places in the first sentence where you use "signaling function" but I think to be grammatically correct it should be "the signaling function". (As I wonder if I'm going to unleash another grammar rathole... )

- In sections 2.3.2.1 and 2.3.2.2 the bullets suddenly disappeared (at least on http://www.ietf.org/internet-drafts/draft-niccolini-speermint-voipthreats-03.txt )

- Section 2.4.1 again has no bullets while 2.4.2-2.4.3 do

Like I said, really all just formatting issues.

The only real substantive comment I'll make is to ask this - have you considered if there is a threat of what I'll call a "self-inflicted DoS" within the SPEERMINT architecture? By that I mean what happens when, for instance, there is a power outage and upon the return of power there is a large flood as all the SIP devices send INVITEs to the registrar. Obviously that instance doesn't impact the SPEERMINT architecture, but are there similar issues? For instance, misconfiguration of one SIP provider's servers sending a flood of bogus packets within the peering fabric? If there are such situations it may make sense to at least mention them in this document.

I find that people often focus on the external attackers and forget to look at how to protect against internal configuration problems that can have the same ultimate effect as an external attacker.

Overall a great document,
Dan

On Feb 22, 2008, at 1:25 PM, Saverio Niccolini wrote:

> Hi,
>
> a new version of the VoIP Threats draft is available.
> Main changes are:
> -- adapted to the terminology draft
> -- added the BCPs
>
> Comments are appreciated,
> Saverio
>
>> -----Original Message-----
>> From: i-d-announce-bounces@ietf.org [mailto:i-d-announce-bounces@ietf.org] On Behalf Of Internet-Drafts@ietf.org
>> Sent: Friday, February 22, 2008 1:45 PM
>> To: i-d-announce@ietf.org
>> Subject: I-D Action:draft-niccolini-speermint-voipthreats-03.txt
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>> Title : SPEERMINT Security BCPs
>> Author(s) : S. Niccolini, et al.
>> Filename : draft-niccolini-speermint-voipthreats-03.txt
>> Pages : 22
>> Date : 2008-02-22
>>
>> This memo presents the different security threats related to SPEERMINT classifying them into threats to the Location Function, to the Signaling Function and to the Media Function. The different instances of the threats are briefly introduced inside the classification. Finally the existing security solutions in SIP and RTP/RTCP are presented to describe the countermeasures currently available for such threats. The objective of this document is to identify and enumerate the SPEERMINT-specific threat vectors in order to specify security-related requirements. Once the requirements are identified, methods and solutions how to achieve such requirements can be selected.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-niccolini-speermint-voipthreats-03.txt
>>
>> To remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body of the message.
>> You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce to change your subscription settings.
>>
>> Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-niccolini-speermint-voipthreats-03.txt".
>>
>> A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>>
>> Internet-Drafts can also be obtained by e-mail.
>>
>> Send a message to: mailserv@ietf.org.
>> In the body type: "FILE /internet-drafts/draft-niccolini-speermint-voipthreats-03.txt".
>>
>> NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages.
>>
>> Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
>>
> ============================================================
> Dr. Saverio Niccolini
> Senior Researcher
> NEC Laboratories Europe, Network Research Division
> Kurfuerstenanlage 36, D-69115 Heidelberg
> Tel. +49 (0)6221 4342-118
> Fax: +49 (0)6221 4342-155
> e-mail: saverio.niccolini@nw.neclab.eu <-- !!! NEW ADDRESS !!!
> ============================================================
> NEC Europe Limited Registered Office: NEC House, 1 Victoria Road, London W3 6BL Registered in England 2832014
> <draft-niccolini-speermint-voipthreats-03.URL>
> _______________________________________________
> Speermint mailing list
> Speermint@ietf.org
> http://www.ietf.org/mailman/listinfo/speermint

--
Dan York, CISSP, Director of Emerging Communication Technology
Office of the CTO
Voxeo Corporation
dyork@voxeo.com
Phone: +1-407-455-5859
Skype: danyork
http://www.voxeo.com
Blogs: http://blogs.voxeo.com http://www.disruptivetelephony.com
Bring your web applications to the phone. Find out how at http://evolution.voxeo.com
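The "self-inflicted DoS" question raised in the message above (a re-registration storm after a power outage, or one provider's misconfigured server flooding the peering fabric) is, on the defender's side, a burst-detection problem: the traffic is not malicious, but the operator still needs to notice it before the Location or Signaling Function falls over. The following is an added example and not code from the draft, from VOIPSA, or from the e-mail thread: a small sliding-window detector in Python run over constructed SIP request log lines. The log format, peer names (peer-a.example.net, peer-b.example.net, the 10.0.1.0/24 phones) and thresholds are all assumptions made for the example. It raises one alert when a single source exceeds a per-window request count, labelling it a misconfigured peer when most of its requests are being rejected, and one when the aggregate rate across all sources exceeds a global limit, which is what a storm of individually legitimate re-registrations looks like.

```python
"""Sliding-window burst detector for SIP request logs.

Added example (not from the draft or the mailing-list post). It flags the
two "self-inflicted DoS" shapes discussed on the list: a single peer whose
misconfigured server floods the peering fabric with requests that are mostly
rejected, and a storm of otherwise legitimate requests from many sources at
once (for example every phone re-registering after a power outage).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical thresholds; tune per deployment.
WINDOW = timedelta(seconds=5)
PER_SOURCE_LIMIT = 10   # requests from one source per window before alerting
GLOBAL_LIMIT = 40       # requests from all sources per window before alerting
ERROR_RATIO = 0.5       # share of 4xx/5xx answers that marks a source as misconfigured


def parse_line(line):
    """Log format (constructed): '<ISO timestamp> <source> <SIP method> <status>'."""
    ts, src, method, status = line.split()
    return datetime.fromisoformat(ts), src, method, int(status)


def detect_bursts(lines, window=WINDOW, per_source=PER_SOURCE_LIMIT,
                  global_limit=GLOBAL_LIMIT, error_ratio=ERROR_RATIO):
    """Return alerts as (kind, source, timestamp, count) tuples.

    Lines must be in chronological order. Each source (and the aggregate) is
    reported once, the first time it crosses its threshold.
    """
    per_src = defaultdict(deque)   # source -> deque of (timestamp, was_error)
    everyone = deque()             # timestamps from all sources
    flagged = set()
    alerts = []
    for line in lines:
        ts, src, _method, status = parse_line(line)
        cutoff = ts - window
        q = per_src[src]
        q.append((ts, status >= 400))
        everyone.append(ts)
        # Drop entries that have slid out of the window (the entry just
        # appended is always inside it, so the deques never empty here).
        while q[0][0] < cutoff:
            q.popleft()
        while everyone[0] < cutoff:
            everyone.popleft()
        if len(q) > per_source and src not in flagged:
            errors = sum(1 for _, was_error in q if was_error)
            # Mostly-rejected traffic from one peer looks like a misconfigured
            # server; mostly-accepted traffic is a plain per-source burst.
            kind = "misconfigured-peer" if errors / len(q) >= error_ratio else "per-source-burst"
            alerts.append((kind, src, ts.isoformat(), len(q)))
            flagged.add(src)
        if len(everyone) > global_limit and "*" not in flagged:
            alerts.append(("global-burst", "*", ts.isoformat(), len(everyone)))
            flagged.add("*")
    return alerts


def constructed_log():
    """Constructed sample traffic (not real data), returned in time order."""
    base = datetime(2008, 2, 25, 9, 0, 0)
    lines = []
    # Normal traffic: one peer sending an INVITE every ten seconds.
    for i in range(6):
        t = base + timedelta(seconds=10 * i)
        lines.append(f"{t.isoformat()} peer-b.example.net INVITE 200")
    # Misconfigured peer: 15 INVITEs in under three seconds, three in four rejected.
    for i in range(15):
        t = base + timedelta(seconds=30, milliseconds=200 * i)
        lines.append(f"{t.isoformat()} peer-a.example.net INVITE {481 if i % 4 else 200}")
    # Post-outage re-registration: 50 distinct phones within two seconds.
    for i in range(50):
        t = base + timedelta(seconds=120, milliseconds=40 * i)
        lines.append(f"{t.isoformat()} 10.0.1.{i + 1} REGISTER 200")
    lines.sort(key=lambda l: datetime.fromisoformat(l.split()[0]))
    return lines


if __name__ == "__main__":
    for alert in detect_bursts(constructed_log()):
        print(alert)
```

Run on the constructed log it produces two alerts: peer-a.example.net is reported as a misconfigured peer at its eleventh request (eight of the eleven were rejected), and the aggregate re-registration wave trips the global limit at the forty-first REGISTER even though no single phone ever exceeds one request per window. The second case is the one a purely per-source rate limiter would miss, which is the point of keeping both counters.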