Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://sfba.social/users/karlauerbach/statuses/112068891409150962">Karl Auerbach (karlauerbach@sfba.social)'s status on Sunday, 10-Mar-2024 11:16:49 JST</a><a href="https://sfba.social/@karlauerbach" title="karlauerbach@sfba.social"><img src="https://gnusocial.jp/avatar/57840-48-20230729035349.webp" width="48" height="48" alt="Karl Auerbach" style="position: absolute; left: 0; top: 0;">Karl Auerbach</a><div><a href="https://mastodon.lawprofs.org/@SteveBellovin/112068397437628547" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/77524" title="stevebellovin@mastodon.lawprofs.org">Steve Bellovin</a></li><li><a href="https://gnusocial.jp/user/85906" title="glent@aus.social">Glen Turner</a></li><li><a href="https://gnusocial.jp/user/173272" title="chris_bloke@mastodon.acm.org">Chris Samuel</a></li></ul></div></section><article><p><a href="https://mastodon.lawprofs.org/@SteveBellovin">@SteveBellovin</a> <a href="https://mastodon.acm.org/@chris_bloke">@chris_bloke</a> <a href="https://aus.social/@glent">@glent</a> <a href="https://federate.social/@mattblaze">@mattblaze</a> I have long considered SIP based VoIP to be vulnerable to the same kind of "route it through my country rather than yours" attack.</p><p>SIP is built to use proxies and it tends to use SRV records to find those proxies. If one gets hold of DNS in a way to forge those SRV responses, one can send the SIP data stream (typically RTP) via a spying proxy.  Usually any encryption to the actual media stream is piecemeal source=&gt;proxy=&gt;proxy=&gt;destination.</p><p>And watching the SIP headers, which also tend to be visible at proxies, opens the door to traffic analysis.</p><p>I wrote about this long ago...</p><p>What Could You Do With Your Own Root Server?</p><p><a href="https://www.cavebear.com/old_cbblog/000232.html" rel="nofollow noreferrer">https://www.cavebear.com/old_cbblog/000232.html</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2808454#notice-5571271">In conversation</a><time datetime="2024-03-10T11:16:49+09:00" title="Sunday, 10-Mar-2024 11:16:49 JST">about 9 months ago</time> <span>from <span><a href="https://sfba.social/@karlauerbach/112068891409150962" rel="external" title="Sent from sfba.social via ActivityPub">sfba.social</a></span></span><a href="https://sfba.social/@karlauerbach/112068891409150962">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Karl Auerbach (karlauerbach@sfba.social)'s status on Sunday, 10-Mar-2024 11:16:49 JSTKarl Auerbach
in reply to
@SteveBellovin @chris_bloke @glent @mattblaze I have long considered SIP based VoIP to be vulnerable to the same kind of "route it through my country rather than yours" attack.
SIP is built to use proxies and it tends to use SRV records to find those proxies. If one gets hold of DNS in a way to forge those SRV responses, one can send the SIP data stream (typically RTP) via a spying proxy. Usually any encryption to the actual media stream is piecemeal source=>proxy=>proxy=>destination.
And watching the SIP headers, which also tend to be visible at proxies, opens the door to traffic analysis.
I wrote about this long ago...
What Could You Do With Your Own Root Server?
https://www.cavebear.com/old_cbblog/000232.html
In conversationabout 9 months ago from sfba.socialpermalink

Public

Embed Notice

HTML Code

Corresponding Notice