[VOIPSEC] Actual Attacks

[Brian Rosen]

> How about call diversion or splitting of media to listen to the
> conversation? It is a valid feature of SIP to add more endpoints to the
> media session (such as conferencing). If a security mechanism is not in
> place to prevent the unauthorized form of this it is another valid (maybe
> not existing, but there are many bright minds out there) risk.
Endpoints can tell if a conforming device is connecting them to a conference
bridge (the "isFocus" parameter will be present), but of course a non
conforming implementation could lie about that.  Of course, this is not
really any different from any other telephony system in that you don't
really know what the other end is doing with your media.

Security mechanisms can't help you here.  You can authenticate the endpoint,
but if it authenticates, that's it, whether it's keeping the conversation
confidential, or podcasting it from some website.  There is no way to
cause you to send you media to multiple places at once (well, there are "end
system mixed" conference mechanisms, but when those are used, you KNOW that
your audio is being sent multiple places).

> 
> Or theft of service from the telco... VoIP PSTN gateways for instance do
> not
> require authentication today...unless the carrier implements concurrent
> call
> limiting they could attempt to deploy more VoIP services bypassing the
> carrier...Tom wrote some good examples of this.
Hmmm.  Moat carriers I know control access to the gateway.
Only calls that arrive via their call server are accepted.  I don't like
that answer; I really do want authentication at the gateway, but that
particular hole has been plugged on most networks.

Brian