[VOIPSEC] Actual Attacks

[Brian Rosen]

Okay, but what is the difference between a DoS attack on the SBC and a DoS
attack on the endpoint?  And what makes you think that making the endpoint
"anonymous", but addressable (albeit indirectly) stops a DoS attack?

This is a form of security by obscurity, and does not offer any real 
security.  SBCs may have some positive security benefits, but anonymization
of the addresses is not one of them.  In  fact it makes the system more
brittle by increasing the number of vulnerablilities (you have two chances
to have a broken implementation instead of one).  

Brian

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Geoff Devine
> Sent: Tuesday, February 22, 2005 11:17 AM
> To: Voipsec at voipsa.org
> Subject: RE: [VOIPSEC] Actual Attacks
> 
> Christopher A. Martin <chris at sip1.com> writes:
> 
> > - Standard DoS today in terms of flooding cannot be stopped, but it
> can be
> > handled in the Internet backbone (which often occurs transparently
> > so the rest of us don't see it).
> >
> > - Also standard precautions, such as deploying SIP aware firewalls or
> border
> > controllers which handle the media dynamically prevent a majority of
> port
> > scans and other direct attacks which low end devices are typically
> > susceptible to.
> 
> A side effect of using session controllers and their brethren in a VoIP
> architecture is that you make the IP address of the endpoint anonymous.
> This addresses both privacy concerns and makes DoS attacks against a
> subscriber endpoint less likely.  Any architecture that permits media
> streams to flow directly between subscriber endpoints is very vulnerable
> to DoS attacks on those endpoints.
> 
> Geoff
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>