[reSIProcate] FlowId Class Questions

david Butcher david at purplecomm.com
Wed Jun 8 18:56:15 CDT 2005


Certainly easy enough to keep a map from token to pointer (avoids the pointer
parsing ickiness). Let's avoid collisions explicitly this time -- keeps the
tokens smaller.

Not sure worrying about a sniff-based attack is worthwhile.

david



Quoting Derek MacDonald <derek at xten.com>:

> Point taken.  That's more interesting w/ respect to the connectionId part.
> The "use other flow id" attack will still happen if somebody is sniffing
> flowIds and re-using them.  Of course, it would be nice to force them to
> sniff.
>
>> -----Original Message-----
>> From: resiprocate-devel-bounces at list.sipfoundry.org [mailto:resiprocate-
>> devel-bounces at list.sipfoundry.org] On Behalf Of Alan Hawrylyshen
>> Sent: Wednesday, June 08, 2005 4:13 PM
>> To: resiprocate-devel at list.sipfoundry.org resiprocate-devel
>> Subject: [reSIProcate] FlowId Class Questions
>>
>>
>> Oops, posting to the list too.
>>
>> On Jun 8, 2005, at 16:50, Derek MacDonald wrote:
>>
>> > Dlb & I talked about this; if that pointer isn't in a set of valid
>> > pointers
>> > it will be treated as bad. It really doesn't matter if we use a map
>> > token or
>> > an existence check by a set in this case.
>> >
>> > Once the GruuMonkey is more written FlowId can be tweaked to work
>> > the other
>> > way.
>> >
>> >
>>
>>
>> I disagree -- pointers will follow a particular pattern and a
>> malicious client will be able to convince you to use someone else's
>> response context or connection by guessing a flowid. I would argue
>> that a map, with random keys is a lightweight approach that mitigates
>> this attack.
>>
>> You don't want to answer the question "is this pointer valid?" but
>> "is this pointer valid for this  SIP transaction / context?".
>> Therefore, in order to prevent a trivial attack mechanism, there
>> needs to be some way of preventing the 'wire-space' people from
>> suggesting a flowid.  This can be done with randomization and a
>> porous key-space or by incorporating some sort of message
>> authentication technique for the flowid.  I get the shivers thinking
>> about taking  a pointer value or index from the wire without a way to
>> qualify it to the appropriate scope.
>>
>> Thoughts?
>>
>> A
>>
>>
>>
>>
>>
>> _______________________________________________
>> resiprocate-devel mailing list
>> resiprocate-devel at list.sipfoundry.org
>> https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel
>
>
>
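
Added example, not part of the thread and not reSIProcate code: a sketch of the token-to-flow map discussed above, with random keys, explicit collision avoidance on issue, and a lookup that checks the token against the scope it was issued to. FlowTable, Flow, and the owner field are hypothetical names, and the requester identity is assumed to be established elsewhere.

```cpp
#include <cstdint>
#include <iostream>
#include <random>
#include <string>
#include <unordered_map>

// Hypothetical types for illustration; not reSIProcate's FlowId class.
struct Flow {
    int connectionId;    // stands in for the connection / response context
    std::string owner;   // scope the token was issued to (assumed authenticated)
};

class FlowTable {
public:
    // Issue a random 64-bit token, redrawing on collision so keys stay unique.
    uint64_t issue(const Flow& flow) {
        uint64_t token;
        do {
            token = (static_cast<uint64_t>(rd_()) << 32) | rd_();
        } while (token == 0 || flows_.count(token) != 0);
        flows_.emplace(token, flow);
        return token;
    }

    // "Is this token valid for this context?", not just "does it exist?".
    // Returns nullptr for unknown tokens and for tokens issued to another scope.
    const Flow* resolve(uint64_t token, const std::string& requester) const {
        auto it = flows_.find(token);
        if (it == flows_.end() || it->second.owner != requester) return nullptr;
        return &it->second;
    }

    void revoke(uint64_t token) { flows_.erase(token); }

private:
    // Assumption: std::random_device is backed by the OS entropy source here.
    std::random_device rd_;
    std::unordered_map<uint64_t, Flow> flows_;
};

int main() {
    FlowTable table;
    uint64_t alice = table.issue({1, "alice"});   // constructed sample flows
    uint64_t bob = table.issue({2, "bob"});
    std::cout << "own token:      " << (table.resolve(alice, "alice") != nullptr) << "\n";
    std::cout << "other's token:  " << (table.resolve(bob, "alice") != nullptr) << "\n";
    std::cout << "guessed token:  " << (table.resolve(alice + 1, "alice") != nullptr) << "\n";
    return 0;
}
```

The scope check is what rejects a token taken from another flow; random keys alone only make the token hard to guess.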




