[VOIPSEC] Actual Attacks - UA handling

Brian Rosen br at brianrosen.net
Tue Mar 8 07:53:35 CST 2005 

Unless you know your product will only be used on a network with an MTU of
1500, and you know it will never be used with TCP, then 1300 or so bytes per
message might be reasonable.

VERY few devices, if any, know this.   TCP is being used increasingly with
SIP, and I would not be surprised if most SIP is TCP in a couple of years.

It is legal to send, for example, a RequestURI that is path MTU minus a few
dozen bytes.  If you are rejecting messages with RequestURIs that are longer
than 256 bytes, you are non compliant with the spec.

Even the smallest embedded processor has enough memory to cope with 64K
messages, and it's not hard to code so that any component can be that big
without using megabytes to preallocate data structures at maximum size.  I
think it is a serious mistake to assume 1300 byte packets and 256 byte
components.

Brian

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Geoff Devine
> Sent: Monday, March 07, 2005 11:19 PM
> To: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] Actual Attacks - UA handling
> 
> Brian Rosen writes:
> > Basically, the size of most text fields should not be limited anything
> close
> > to 256.  Generally, the spec allows text fields of any length, but in
> > practice a message has to fit in a packet, and thus you have an
> effective
> > limit of 64K for the message.  It's theoretically possible to have
> headers
> > in a message sent with TCP be longer than that, but I don't think you
> will
> > see anyone complain about limiting total message length to 64K.
> 
> 
> If you look at RFC 3261, you'll see:
> 
>    "If a request is within 200 bytes of the path MTU, or if it is larger
>    than 1300 bytes and the path MTU is unknown, the request MUST be sent
>    using an RFC 2914 [43] congestion controlled transport protocol, such
>    as TCP."
> 
> And
> 
>    "However,
>    implementations MUST be able to handle messages up to the maximum
>    datagram packet size.  For UDP, this size is 65,535 bytes, including
>    IP and UDP headers."
> 
> Given that most SIP implementations only run over UDP, an overall
> 1300-ish byte maximum PDU limit is what you'd expect to see in
> operational networks.  You'd size internal data structures assuming
> that's the "typical" biggest PDU you'll see.  256 might not be quite big
> enough but it doesn't make much sense in a memory-limited environment to
> build something that is optimized to deal with objects bigger than 1K or
> so.  You have to code defensively to meet the 64K normative requirement
> but that's not the real world.
> 
> Geoff
> 
> 
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>

More information about the Voipsec mailing list