[VoiceOps] VoIP Abuse Project

Alex Balashov abalashov at evaristesys.com
Mon Sep 20 21:06:18 EDT 2010


On 09/20/2010 03:19 PM, Jay Hennigan wrote:

> In most cases SIP transactions are UDP, hence trivially spoofed.

I would not say "trivially."  Yes, the individual messages that make 
up the transaction can be spoofed, but not the transaction as a whole; 
  there is an elaborate state machine whose demands must be satisfied 
for this to take place.  If encumbered by any type of authentication, 
it won't.

-- 
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/


More information about the VoiceOps mailing list