
[reSIProcate] FlowId Class Questions



Oops, posting to the list too.

On Jun 8, 2005, at 16:50, Derek MacDonald wrote:

Dlb & I talked about this; if that pointer isn't in a set of valid pointers it will be treated as bad. It really doesn't matter if we use a map token or an existence check by a set in this case.

Once the GruuMonkey is more written FlowId can be tweaked to work the other way.

I disagree -- pointers will follow a particular pattern and a malicious client will be able to convince you to use someone else's response context or connection by guessing a flowid. I would argue that a map with random keys is a lightweight approach that mitigates this attack.

You don't want to answer the question "is this pointer valid?" but "is this pointer valid for this SIP transaction / context?". Therefore, in order to prevent a trivial attack mechanism, there needs to be some way of preventing the 'wire-space' people from suggesting a flowid. This can be done with randomization and a porous key-space or by incorporating some sort of message authentication technique for the flowid. I get the shivers thinking about taking a pointer value or index from the wire without a way to qualify it to the appropriate scope.

Thoughts?

A
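
The scoped lookup argued for above, as an added example that is not part of the original post and is not reSIProcate code: a table keyed by random tokens that resolves a flow only when the token is presented in the scope it was issued for. `Flow`, `FlowTable`, `issue`, `resolve`, `revoke` and the string scope are hypothetical names, and `std::random_device` is assumed to be backed by the OS CSPRNG.

```cpp
#include <cstdint>
#include <cstdio>
#include <random>
#include <string>
#include <unordered_map>

// Hypothetical stand-in for a connection / response context.
struct Flow {
    int connectionId;
    std::string owner;  // scope the flow was issued for (constructed: a peer name)
};

class FlowTable {
public:
    // Hand out a random, sparse map key as the wire token instead of an address.
    std::uint64_t issue(const Flow& flow) {
        std::uint64_t token;
        do {
            token = (static_cast<std::uint64_t>(mRng()) << 32) | mRng();
        } while (token == 0 || mFlows.count(token) != 0);
        mFlows.emplace(token, flow);
        return token;
    }

    // "Is this token valid for this scope?", not merely "is this token valid?".
    const Flow* resolve(std::uint64_t token, const std::string& scope) const {
        auto it = mFlows.find(token);
        if (it == mFlows.end() || it->second.owner != scope) return nullptr;
        return &it->second;
    }

    void revoke(std::uint64_t token) { mFlows.erase(token); }

private:
    std::random_device mRng;  // assumption: backed by the OS CSPRNG on this platform
    std::unordered_map<std::uint64_t, Flow> mFlows;
};

int main() {
    FlowTable table;
    std::uint64_t alice = table.issue(Flow{1, "alice"});
    table.issue(Flow{2, "bob"});
    std::printf("own scope: %s\n", table.resolve(alice, "alice") ? "accepted" : "rejected");
    std::printf("other scope: %s\n", table.resolve(alice, "bob") ? "accepted" : "rejected");
    std::printf("unknown token: %s\n", table.resolve(0, "alice") ? "accepted" : "rejected");
    return 0;
}
```

A token that exists in the table is still rejected when it arrives in a scope other than the one it was issued for, which is the case a bare set-membership check on pointers does not cover.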