[VoiceOps] VoIP Abuse Project

James Hess mysidia at gmail.com
Mon Sep 20 21:18:57 EDT 2010

On Mon, Sep 20, 2010 at 8:09 PM, Alex Balashov
<abalashov at evaristesys.com> wrote:
> On 09/20/2010 08:47 PM, James Hess wrote:
>> It might be useful to think about possible deprecation of the use of
>> UDP  for registration, or at least  the requiring of a firm
>> bidirectional acknowledgement with nonce  (as in an authenticated
>> request/acknowledgement), before a registration  "attempt"  can be
>> regarded to fail or succeed.

> "Firm bidirectional acknowledgment" is already required in an authenticated
> REGISTER sequence:

Yes, I think the problem is with authentication failures, not successes.
Implementations might flag a failure at  step 1,  before any round
trip has occured.

The 'spoofer'  may simply reply with a bogus digest.
Either way,  afaict,    the  spoofer never needs to see the challenge
to submit a register
what will produce an authentication failure  (may even be intended to
produce an auth failure as part of the distraction).

The implementation that received the spoof message  sees  REGISTER +
(incorrect digest)
which doesn't reveal that the attacker  never saw the challenge.


More information about the VoiceOps mailing list