[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt

To: Hadriel Kaplan <HKaplan at acmepacket.com>
Subject: Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt
From: Fredrik Thulin <ft at it.su.se>
Date: Wed, 07 May 2008 10:08:14 +0200
Cc: "sip at ietf.org" <sip at ietf.org>, Francois Audet <audet at nortel.com>, Christer Holmberg <christer.holmberg at ericsson.com>
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <E6C2E8958BA59A4FB960963D475F7AC30BD7FD367F@mail.acmepacket.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <CA9998CD4A020D418654FCDEF4E707DF046C7761@esealmw113.eemea.ericsson.se> <18464.32846.367237.654872@taimen.test.fi> <1ECE0EB50388174790F9694F77522CCF169722C3@zrc2hxm0.corp.nortel.com> <18464.40898.695492.290843@taimen.test.fi> <1ECE0EB50388174790F9694F77522CCF169723EE@zrc2hxm0.corp.nortel.com> <18464.43200.840240.726767@taimen.test.fi> <E6C2E8958BA59A4FB960963D475F7AC30BD7FD367F@mail.acmepacket.com>
Sender: sip-bounces at ietf.org
User-agent: Thunderbird 2.0.0.14 (Windows/20080421)

Hadriel Kaplan wrote:
> Actually, it will cause problems for the device sending STUN, because that next-hop proxy will (rightly) consider it a malformed attack and blacklist the sender.

It's not reasonable for a proxy to blacklist source IPs sending it stuff 
it doesn't like.

If you receive a UDP packet, it's a really rare case that you can know 
that the source IP wasn't spoofed.

If you blacklist based on source IP addresses, it will be very easy to 
denial of service your proxy by getting it to blacklist real clients or 
other SIP proxies for example. That will be a much bigger problem for 
you than actually writing code that don't die when it receives unknown 
data (which you should do anyway, of course).

/Fredrik
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt
  - From: Hadriel Kaplan

References:
- [Sip] Draft: draft-holmberg-sip-keep-00.txt
  - From: Christer Holmberg
- [Sip] Draft: draft-holmberg-sip-keep-00.txt
  - From: Juha Heinanen
- Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt
  - From: Francois Audet
- Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt
  - From: Juha Heinanen
- Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt
  - From: Francois Audet
- Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt
  - From: Juha Heinanen
- Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt
  - From: Hadriel Kaplan

Prev by Date: Re: [Sip] WGLC of essential correction drafts
Next by Date: Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt
Previous by thread: Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt
Next by thread: Re: [Sip] Draft: draft-holmberg-sip-keep-00.txt
Index(es):
- Date
- Thread