[Freeswitch-users] OT: SIP and IP spoofing
mgg at giagnocavo.net
Wed Mar 3 17:25:31 PST 2010
Correct me if I'm wrong; it's fortunately been a while since I've had to deal with SIP details. This attack would depend on the strength of the To tag, right? Hopefully they would append ;received to Vias, so the responses would go to the spoofed IP and not the attacker's IP in the Via. The attacker would have to be able to calculate the To tag to construct a valid ACK.
But that does depend on received being added and secure To tags - hopefully a security-conscious provider would check their side for that.
From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Mathieu Rene
Sent: Wednesday, March 03, 2010 5:35 PM
To: freeswitch-users at lists.freeswitch.org
Subject: Re: [Freeswitch-users] OT: SIP and IP spoofing
Theorically you can spoof the network's ip address as long as you set the contact header to where the reply should be sent.
Avant-Garde Solutions Inc
Office: + 1 (514) 664-1044 x100
Cell: +1 (514) 664-1044 x200
mrene at avgs.ca
On 3-Mar-10, at 3:07 AM, Jonas Gauffin wrote:
> My sip gateway provider are using both IP address locking (only my
> servers IP addresses can use my gateway account) and Digest
> authentication on every call.
> I asked why and they said that the account would be vulnerable to IP
> spoofing otherwise. Is that possible? I mean, if someone fakes my
> servers IP address in the packets, shouldn't the responses be sent
> back to my server and not the one creating the fake packets? Are there
> any other reasons to use both ip locking and digest authentication?
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
More information about the FreeSWITCH-users