Nov. 20, 2015
3:13 p.m.
On 11/20/2015 04:09 PM, Calvin Ellison wrote:
challenge to BYE should mitigate that particular targeted attack.
Spoofed sequential (in-dialog) requests strike me as less of a concern than initial requests, since, in order for the BYE to match an existing dialog in the phone's UAS, the attacker would have to spoof a valid From & To-tag, Call-ID, CSeq, etc. -- Alex Balashov | Principal | Evariste Systems LLC 303 Perimeter Center North, Suite 300 Atlanta, GA 30346 United States Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/