[VOIPSEC] Spoof of IP address within a (large) domain
Christopher A. Martin
chris at infravast.com
Thu Mar 24 20:40:06 CST 2005
You can create an entire session with TCP (I have done this manually) where
you are the initiator, it is really up to timing the responses that would be
sent to the real address as the session is set up and sending them. MiM is a
little harder though because of the sequence number, but initiating a brand
new session is trivial.
Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
Chris at InfraVAST.com
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Desai, Ashish
> Sent: Thursday, March 24, 2005 9:16 AM
> To: VoipSec
> Subject: RE: [VOIPSEC] Spoof of IP address within a (large) domain
>
>
> Being able to use spoofed IPaddress in a TCP connection is pretty
> hard these days as you have to be able to predict sequence numbers.
>
> So if you make your SIP stack only allow TCP, you significantly reduce
> the spoofing problem.
>
> Ashish
> Fidelity E-Business
> Info Security
>
> > -----Original Message-----
> > From: Chris Calabrese [mailto:chris_calabrese at medco.com]
> > Sent: Thursday, March 24, 2005 9:02 AM
> > Cc: 'VoipSec'
> > Subject: Re: [VOIPSEC] Spoof of IP address within a (large) domain
> >
> > IP addresses are easily spoofed on most networks, and even
> > MAC addresses
> > are spoofable.
> >
> > The SIP RFC specifically states (at least the older version
> > that I read)
> > that you must use IPSec if you expect any level of confidentiality or
> > integrity.
> >
> > Therefore, to start a possible flame war, any claim of
> > security without
> > using IPSec (or possibly some equivalent) is false.
>
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list