< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >

[reSIProcate] FlowId Class Questions

From: Alan Hawrylyshen <alan@xxxxxxxxxx>
Date: Wed, 8 Jun 2005 17:12:36 -0600


Oops, posting to the list too.

On Jun 8, 2005, at 16:50, Derek MacDonald wrote:

Dlb & I talked about this; if that pointer isn't in a set of validpointersit will be treated as bad. It really doesn't matter if we use a maptoken or
an existence check by a set in this case.
Once the GruuMonkey is more written FlowId can be tweaked to workthe other
way.

I disagree -- pointers will follow a particular pattern and amalicious client will be able to convince you to use someone else'sresponse context or connection by guessing a flowid. I would arguethat a map, with random keys is a lightweight approach that mitigatesthis attack.

You don't want to answer the question "is this pointer valid?" but"is this pointer valid for this SIP transaction / context?".Therefore, in order to prevent a trivial attack mechanism, thereneeds to be some way of preventing the 'wire-space' people fromsuggesting a flowid. This can be done with randomization and aporous key-space or by incorporating some sort of messageauthentication technique for the flowid. I get the shivers thinkingabout taking a pointer value or index from the wire without a way toqualify it to the appropriate scope.


Thoughts?

A

Follow-Ups:
- RE: [reSIProcate] FlowId Class Questions
  - From: Derek MacDonald

Prev by Date: RE: [reSIProcate] FlowId Class Questions
Next by Date: RE: [reSIProcate] FlowId Class Questions
Previous by thread: RE: [reSIProcate] FlowId Class Questions
Next by thread: RE: [reSIProcate] FlowId Class Questions
Index(es):
- Date
- Thread