Sept. 20, 2010
8:06 p.m.
On 09/20/2010 03:19 PM, Jay Hennigan wrote:
In most cases SIP transactions are UDP, hence trivially spoofed.
I would not say "trivially." Yes, the individual messages that make up the transaction can be spoofed, but not the transaction as a whole; there is an elaborate state machine whose demands must be satisfied for this to take place. If encumbered by any type of authentication, it won't. -- Alex Balashov - Principal Evariste Systems LLC 1170 Peachtree Street 12th Floor, Suite 1200 Atlanta, GA 30309 Tel: +1-678-954-0670 Fax: +1-404-961-1892 Web: http://www.evaristesys.com/