[VOIPSEC] RTP-borne virus examples?

dhiraj.2.bhuyan at bt.com dhiraj.2.bhuyan at bt.com
Wed Dec 7 05:02:32 CST 2005


 
Encrypting the media stream won't solve all the problems. But not doing
so will leave a big hole in your defense. Authenticating and validating
each and every packet is one step forward towards building a secure VoIP
platform. I agree that this won't solve the problem arising from buggy
user agents. But it will be wrong to assume that RTP borne viruses will
only originate from "buggy user agents". There will be malicious user
agents and there will be remotely exploitable vulnerabilities - it is a
fact of life. Of course we still need to take care of buggy user agents.
And I think the "Trusted Computing Platform"
(https://www.trustedcomputinggroup.org/home) is one way of dealing with it.

---
Dhiraj Bhuyan, CISSP
Senior Network Security Researcher,
pp2A, Rigel House, BT Group CTO
Martlesham Heath, Ipswich, IP5 3RE

 
-----Original Message-----
From: Dustin D. Trammell [mailto:dtrammell at sipera.com] 
Sent: 02 December 2005 16:47
To: Bhuyan,D,Dhiraj,CXR7 R
Cc: Voipsec at voipsa.org
Subject: Re: [VOIPSEC] RTP-borne virus examples?

On Fri, 2005-12-02 at 15:48 +0000, dhiraj.2.bhuyan at bt.com wrote:
> Securing the media stream (using IPSec for example) will solve many
> such issues. But in my opinion, there seems to be not much interest in
> securing the media stream at this moment. I might be wrong
> (hopefully!).

How exactly would using IPsec to secure a malicious media stream solve
the issue?  If an attacker is sending malicious RTP packets, they're
malicious, regardless of the transport.  Granted, the attacker would
have to establish an IPsec session, which most likely will require some
form of authentication allowing for a level of accountability, but
adding IPsec only limits the scope of the attack vector, it doesn't
solve the issue, which is a buggy phone or gateway crashing when an
attacker sends it malicious RTP traffic.

--
Dustin D. Trammell
Vulnerability Researcher
Sipera Systems Inc. http://www.sipera.com
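
The per-packet validation discussed in both messages above, as an added example that is not part of the original thread: a receiver-side check that bounds every length-bearing RTP header field against the real datagram length before using it as an offset, which is needed whether or not the transport is encrypted. The function name `rtp_validate`, the status codes and the sample packets are assumptions made for this illustration; the header layout follows RFC 3550.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rtp_status { RTP_OK, RTP_TOO_SHORT, RTP_BAD_VERSION, RTP_BAD_CSRC,
                  RTP_BAD_EXTENSION, RTP_BAD_PADDING };
/* Constructed sample packets, not captured traffic. */
static const uint8_t good_pkt[] = {         /* V=2, no CSRC, 4 payload bytes */
    0x80, 0, 0, 1, 0, 0, 0, 0xA0, 1, 2, 3, 4, 0x11, 0x22, 0x33, 0x44 };
static const uint8_t bad_csrc_pkt[] = {     /* claims 15 CSRCs, carries none */
    0x8F, 0, 0, 2, 0, 0, 0, 0xA0, 1, 2, 3, 4 };
static const uint8_t bad_ext_pkt[] = {      /* extension claims 65535 words */
    0x90, 0, 0, 3, 0, 0, 0, 0xA0, 1, 2, 3, 4, 0xBE, 0xDE, 0xFF, 0xFF };

/* Hypothetical validator: on RTP_OK the media payload is
 * buf[*off .. *off + *plen); nothing is read past buf + len. */
enum rtp_status rtp_validate(const uint8_t *buf, size_t len,
                             size_t *off, size_t *plen)
{
    if (buf == NULL || len < 12) return RTP_TOO_SHORT;  /* fixed header */
    if ((buf[0] >> 6) != 2) return RTP_BAD_VERSION;
    size_t pos = 12 + 4 * (size_t)(buf[0] & 0x0F);      /* CSRC list */
    if (pos > len) return RTP_BAD_CSRC;
    if (buf[0] & 0x10) {                                /* X: extension */
        if (len - pos < 4) return RTP_BAD_EXTENSION;
        size_t words = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        pos += 4;
        if (words * 4 > len - pos) return RTP_BAD_EXTENSION;
        pos += words * 4;
    }
    size_t end = len;
    if (buf[0] & 0x20) {                                /* P: padding */
        size_t pad = buf[len - 1];       /* count includes this octet */
        if (pad == 0 || pad > len - pos) return RTP_BAD_PADDING;
        end = len - pad;
    }
    *off = pos;
    *plen = end - pos;
    return RTP_OK;
}

int main(void)
{
    size_t o = 0, n = 0;
    printf("good: %d\n", (int)rtp_validate(good_pkt, sizeof good_pkt, &o, &n));
    printf("bad CSRC: %d\n", (int)rtp_validate(bad_csrc_pkt, sizeof bad_csrc_pkt, &o, &n));
    printf("bad ext: %d\n", (int)rtp_validate(bad_ext_pkt, sizeof bad_ext_pkt, &o, &n));
    return 0;
}
```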



