
RE: [reSIProcate] FlowId Class Questions


Certainly easy enough to keep a map from token to pointer (avoids the pointer
parsing ickiness). Let's avoid collisions explicitly this time -- keeps the
tokens smaller.

Not sure worrying about a sniff-based attack is worthwhile.

david



Quoting Derek MacDonald <derek@xxxxxxxx>:

Point taken.  That's more interesting w/ respect to the connectionId part.
The "use other flow id" attack will still happen if somebody is sniffing
flowIds and re-using them.  Of course, it would be nice to force them to
sniff.

-----Original Message-----
From: resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:resiprocate-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Alan Hawrylyshen
Sent: Wednesday, June 08, 2005 4:13 PM
To: resiprocate-devel@xxxxxxxxxxxxxxxxxxx resiprocate-devel
Subject: [reSIProcate] FlowId Class Questions


Oops, posting to the list too.

On Jun 8, 2005, at 16:50, Derek MacDonald wrote:

> Dlb & I talked about this; if that pointer isn't in a set of valid pointers
> it will be treated as bad. It really doesn't matter if we use a map token or
> an existence check by a set in this case.
>
> Once the GruuMonkey is more written FlowId can be tweaked to work the other
> way.


I disagree -- pointers will follow a particular pattern and a
malicious client will be able to convince you to use someone else's
response context or connection by guessing a flowid. I would argue
that a map with random keys is a lightweight approach that mitigates
this attack.

You don't want to answer the question "is this pointer valid?" but
"is this pointer valid for this SIP transaction / context?".
Therefore, in order to prevent a trivial attack mechanism, there
needs to be some way of preventing the 'wire-space' people from
suggesting a flowid.  This can be done with randomization and a
porous key-space or by incorporating some sort of message
authentication technique for the flowid.  I get the shivers thinking
about taking a pointer value or index from the wire without a way to
qualify it to the appropriate scope.

Thoughts?

A





_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxxxxxx
https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel
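
The random-key map with a scope check discussed in this thread, as an added example (not reSIProcate code and not written by any of the posters). `FlowTable`, `Connection`, `issue`, `resolve`, `revoke` and the `scope` value are hypothetical names, and `std::random_device` is assumed to be backed by the OS CSPRNG on the target platform.

```cpp
#include <cstdint>
#include <random>
#include <unordered_map>

// Hypothetical stand-in for the connection / response context a flow id names.
struct Connection { int fd; };

class FlowTable {
public:
    // Issue a token for conn, bound to the scope (e.g. the transaction or
    // context) it was issued for. The raw pointer never goes on the wire.
    // Collisions are avoided explicitly by redrawing, so tokens can stay short.
    uint64_t issue(Connection* conn, uint64_t scope) {
        uint64_t token;
        do {
            token = (uint64_t(mRng()) << 32) | uint64_t(mRng());
        } while (token == 0 || mFlows.count(token) != 0);
        mFlows[token] = Entry{conn, scope};
        return token;
    }

    // Resolve a token received from the wire. Answers "is this flow valid
    // for THIS scope?", not just "does this flow exist?".
    Connection* resolve(uint64_t token, uint64_t scope) const {
        auto it = mFlows.find(token);
        if (it == mFlows.end() || it->second.scope != scope) {
            return nullptr;  // unknown token, or token issued to another scope
        }
        return it->second.conn;
    }

    // Drop the token when the connection closes so it cannot be replayed later.
    void revoke(uint64_t token) { mFlows.erase(token); }

private:
    struct Entry { Connection* conn; uint64_t scope; };
    std::random_device mRng;  // assumption: OS-backed, non-deterministic source
    std::unordered_map<uint64_t, Entry> mFlows;
};
```

A token sniffed from the wire still resolves for anyone who presents it in the right scope, so this covers guessing but not the sniff-and-reuse case raised above.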