[SPAM] RE: [VOIPSEC] Actual Attacks
Christopher A. Martin
chris at infravast.com
Sun Feb 27 08:43:21 CST 2005
Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
Chris at InfraVAST.com
> -----Original Message-----
> From: Brian Rosen [mailto:br at brianrosen.net]
> Sent: Saturday, February 26, 2005 12:35 PM
> To: Chris at sip1.com; 'Geoff Devine'; Voipsec at voipsa.org
> Subject: [SPAM] RE: [VOIPSEC] Actual Attacks
>
> > How about call diversion or splitting of media to listen to the
> > conversation? It is a valid feature of SIP to add more endpoints to the
> > media session (such as conferencing). If a security mechanism is not in
> > place to prevent the unauthorized form of this it is another valid (maybe
> > not existing, but there are many bright minds out there) risk.
> Endpoints can tell if a conforming device is connecting them to a conference
> bridge (the "isFocus" parameter will be present), but of course a
> non-conforming implementation could lie about that. Of course, this is not
> really any different from any other telephony system in that you don't
> really know what the other end is doing with your media.
>
> Security mechanisms can't help you here. You can authenticate the endpoint,
> but if it authenticates, that's it, whether it's keeping the conversation
> confidential, or podcasting it from some website. There is no way to
> cause you to send your media to multiple places at once (well, there are
> "end system mixed" conference mechanisms, but when those are used, you KNOW
> that your audio is being sent multiple places).
It might also be performed without using the SIP signaling once the path has
been setup, by using the RTCP to control it...speculative of course...but it
seems plausible.
Either way, you are correct, you would know if you were a techie, but an end
user off the street or in the boardroom wouldn't have a clue.
> >
> > Or theft of service from the telco... VoIP PSTN gateways for instance do
> > not require authentication today...unless the carrier implements concurrent
> > call limiting they could attempt to deploy more VoIP services bypassing the
> > carrier...Tom wrote some good examples of this.
> Hmmm. Most carriers I know control access to the gateway.
> Only calls that arrive via their call server are accepted. I don't like
> that answer; I really do want authentication at the gateway, but that
> particular hole has been plugged on most networks.
I actually was referring to rogue gateways implemented in the
customer/public network that interoperate with a carrier using addresses
that are expected from the carrier. One could add more interfaces to the
gateway and double or triple the original session capabilities. You may be
able to mask more clients with a rogue gateway or even a proxy and stolen
account information (with the current authentication means available to us
today) obtained by traditional theft tactics and if you are behind a NAT
this would appear to be coming from the same location when in the backend of
the customer network the signaling could actually be coming from many
locations over a different path.
>
> Brian
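
The conference-bridge indication discussed in this thread, as an added example that is not part of the original message: a check for the `isfocus` feature parameter on the Contact header (the RFC 3840 spelling of what the thread calls "isFocus"). The sample messages and function names are constructed for illustration, and the check assumes one Contact per message.

```python
import re

# Constructed SIP responses (documentation addresses), not captured traffic.
FOCUS_200 = ("SIP/2.0 200 OK\r\n"
             "To: <sip:conf1@example.net>;tag=2\r\n"
             'Contact: "Bridge; isfocus" <sip:conf1@203.0.113.5;transport=tcp>;isfocus\r\n'
             "Content-Length: 0\r\n\r\n")
PLAIN_200 = ("SIP/2.0 200 OK\r\n"
             "To: <sip:bob@example.net>;tag=3\r\n"
             'Contact: "isfocus desk" <sip:bob@198.51.100.7;isfocus>\r\n'
             "Content-Length: 0\r\n\r\n")
COMPACT_200 = ("SIP/2.0 200 OK\r\n"
               "m: <sip:conf2@203.0.113.9>\r\n ;IsFocus\r\n"
               "Content-Length: 0\r\n\r\n")


def contact_values(message):
    """Yield the value of each Contact header ("m" is its compact form)."""
    head = message.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)        # unfold continuation lines
    for line in head.split("\r\n")[1:]:            # skip the start line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("contact", "m"):
            yield value.strip()


def header_params(value):
    """Return lower-cased header parameter names of one Contact value.

    The quoted display name and anything inside <...> are discarded first,
    so display text and URI parameters are never mistaken for feature tags.
    """
    value = re.sub(r'"(?:\\.|[^"\\])*"', "", value)
    if "<" in value:
        rest = value.split(">", 1)[1] if ">" in value else ""
    else:
        rest = value.partition(";")[2]             # bare addr-spec: all params are header params
    rest = rest.split(",", 1)[0]                   # assumption: only the first contact matters
    return {p.split("=", 1)[0].strip().lower() for p in rest.split(";") if p.strip()}


def declares_focus(message):
    """True if the sender advertises itself as a conference focus.

    False proves nothing: a non-conforming peer can simply omit the tag.
    """
    return any("isfocus" in header_params(v) for v in contact_values(message))


if __name__ == "__main__":
    for label, msg in (("focus", FOCUS_200), ("plain", PLAIN_200), ("compact", COMPACT_200)):
        print(label, declares_focus(msg))
```
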