[SIPForum-techwg] Serious security concern with registration mode
Cullen Jennings
fluffy at cisco.com
Tue Feb 17 19:05:53 EST 2009
This is why I think the keep alives are related to the security when
deployed in this mode. If we did a keep alive every 15 seconds and the
window of call hijack was only 15 seconds, I would be less worried
about it. You mention 60 seconds below, which is not much worse than 15
seconds, but why is it only 60 seconds and not, say, 24 hours?
On Feb 12, 2009, at 13:53 , Hadriel Kaplan wrote:
>
> So you have Arch Enemies sitting behind the same NAT? Keep your
> friends close and your enemies closer? ;)
>
> Assuming the DHCP change doesn't cause Fluffy's ATA to immediately
> re-register the new contact, Bob will get Fluffy's calls for about
> 60 seconds. But then again Fluffy will get Bob's calls too. So I
> figure they're even. :)
>
> But I'm not sure I understand your point - you're describing a
> scenario with no application or transport layer authentication. So
> obviously there is no application or transport layer
> authentication. Caveat Emptor?
>
> -hadriel
>
>
>> -----Original Message-----
>> From: techwg-bounces at sipforum.org [mailto:techwg-bounces at sipforum.org] On Behalf Of Cullen Jennings
>> Sent: Thursday, February 12, 2009 4:39 PM
>> To: SIPForum-TechWG
>> Subject: [SIPForum-techwg] Serious security concern with registration mode
>>
>>
>> So in the example with the multi tenant building using UDP with the
>> register approach, let's say Fluffy Hair Salon uses sip connect and
>> register with the IP 1.2.3.4 both other tenants in the building are
>> using simple ATA that just answer every call that arrives at port
>> 5060. Now the router in the building reboots because someone tripped
>> over the power cord, all the ATA get a new DHCP address and Fluffy's
>> arch enemy, Bob's Barber shop in the same building, gets 1.2.3.4. At
>> this point Bob is going to be getting all of Fluffy's calls.
>>
>> This seems bad, really bad. Is there something I am missing that
>> stops this? I don't see how a VPN would help much - or even layer 1
>> physical security.