[VOIPSEC] Third string quarterback (re: Blocking PING, etc., etc.)
J. Oquendo
sil at infiltrated.net
Sat Dec 6 17:59:14 CST 2008
I guess I should have included this in my thought process
but as we can discern, sometimes my thought process is
out of sync ;)
Anyhow, take a look at the following sample SIP packet:
INVITE sip:2125551212@10.10.10.2 SIP/2.0
Via: SIP/2.0/UDP 10.10.10.1;branch=z3hG2bKfad3cb70f321a8cb
Max-Forwards: 70
To: <sip:2125551212@10.10.10.2>
From: <sip:4135551212@10.20.30.40>;tag=102
User-Agent: Rutroh
So how can I use this info, as bare as it is, to
my advantage? In the case of, say, someone at
the home SIP/UA/ATA level, how can I protect
them if their network is compromised and their
username and password have been "had"? Third
option... User-Agent.
Remember, there is always more than one way to do
it. So as a carrier, supposing I wanted to be uber
strict, I could use anything I like as an identifier
for means of identification.
If I configured my systems to always make sure
my client (2125551212) is on point, I could even
take a look at the User-Agent and, if any anomalies
come through, block 'em if they don't match.
So it's not a matter of super uber passwords,
even port-security for that matter. It's all
up to the engineer on the end system, bottom
line.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP
"Each player must accept the cards life deals him
or her: but once they are in hand, he or she alone
must decide how to play the cards in order to win
the game." Voltaire
227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
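
The per-subscriber User-Agent check described in the message above, as an added example that is not part of the original post or any carrier's code. The EXPECTED_UA table, the function names and the sample requests are assumptions made for illustration, and the check is keyed on the From user. User-Agent is a client-supplied header, so a mismatch is an extra signal alongside authentication.

```python
import re

# Hypothetical provisioning data: the User-Agent each subscriber's device was
# deployed with. "Rutroh" is the value from the sample packet in the post.
EXPECTED_UA = {"2125551212": "Rutroh"}

_FROM_USER = re.compile(r"<?sips?:([^@;>\s]+)@")

def parse_headers(message):
    """Return SIP headers as a dict with lower-cased names (first value wins)."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    unfolded = re.sub(r"\n[ \t]+", " ", head)       # join folded header lines
    headers = {}
    for line in unfolded.split("\n")[1:]:           # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def check_user_agent(message, expected=EXPECTED_UA):
    """Return (verdict, user, user_agent); verdict is allow, block or unknown-user."""
    headers = parse_headers(message)
    sender = headers.get("from") or headers.get("f", "")   # "f" is the compact form
    match = _FROM_USER.search(sender)
    user = match.group(1) if match else None
    agent = headers.get("user-agent")
    if user not in expected:
        return ("unknown-user", user, agent)
    # A missing User-Agent is treated as a mismatch for a provisioned subscriber.
    verdict = "allow" if agent == expected[user] else "block"
    return (verdict, user, agent)

# Constructed sample requests (not captured traffic).
GOOD = ("INVITE sip:4135551212@10.10.10.2 SIP/2.0\r\n"
        "Via: SIP/2.0/UDP 10.10.10.1;branch=z9hG4bKexample1\r\n"
        "From: <sip:2125551212@10.10.10.1>;tag=102\r\n"
        "To: <sip:4135551212@10.10.10.2>\r\n"
        "User-Agent: Rutroh\r\n\r\n")
MISMATCH = GOOD.replace("User-Agent: Rutroh", "User-Agent: SomeOtherClient")
NO_UA = GOOD.replace("User-Agent: Rutroh\r\n", "")

if __name__ == "__main__":
    for name, msg in (("good", GOOD), ("other agent", MISMATCH), ("no agent", NO_UA)):
        print(name, check_user_agent(msg))
```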