[asterisk-dev] Asterisk Beacon Module Proposal
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Wed May 13 02:29:01 CDT 2015
On Tue, May 12, 2015 at 01:24:17PM -0500, Scott Griepentrog wrote:
>
> On Tue, May 12, 2015 at 12:59 PM, Tzafrir Cohen <tzafrir.cohen at xorcom.com>
> wrote:
>
> > Quoting the spec:
> >
> > | Spoofing
> > |
> > | In order to limit spoofing, the server will return a token for all
> > | accepted requests to a server. Any subsequent requests to that resource
> > | must present the token in the request. If a subsequent request fails to
> > | provide the token, the request is rejected. Tokens expire after 48
> > | hours, at which point, a request does not have to provide a token. If a
> > | request does provide a token that is expired - and no token is required
> > | at that point - the request should be accepted and a new token granted.
> > | Once a request is made without a token (and no token is expected), a new
> > | token is issued for subsequent requests.
> > |
> > | So long as Asterisk's transmission of data occurs faster than once every
> > | 48 hours, a malicious entity will not be able to spoof a resource. If a
> > | system is down then a remote system can 'take over' a system, and the
> > | legitimate system's attempts will be rejected. If that occurs... oh
> > | well. It is anonymous data.
> >
> > I'm not sure I understand the need for the token. The Debian
> > popularity-contest (popcon, [1]) only identifies systems by a single
> > random token (MY_HOSTID in /etc/popularity-contest.conf). It supports
> > sending information by mail as well (thus: completely
> > non-interactively). I don't see what the extra temporary token buys
> > here.
> >
> > Just send a report that includes the (random) server ID. Nobody should
> > be able to copy those (as they are only sent encrypted over the
> > internet). And in any event, why would anybody want to spoof that (as
> > opposed to merely add records to skew the stats, which is possible
> > either way just as easily).
> >
> > What am I missing here?
> >
> > [1] https://packages.debian.org/sid/popularity-contest
>
> So as opposed to spoofing, there is also the case that someone having a
> copy of Asteirsk in a virtual machine clones it, and ends up with two
> instances reporting the same random ID. With the spoofing detection
> mechanism (using tokens to get an ID from the server), the effect of this
> case is minimized as each one will end up getting a new ID after token
> timeout.
So let's assume I have to cloned servers, A and B. Both have the same
ID, but each gets a different (temporary) token.
I assume tokens don't live very long. So now you need to corelate a
number of temporary tokens with A and others with B. If they do live
long enough, they might get cloned. The corelation of temporary IDs to
different servers does not seem reliable enough for me.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com
More information about the asterisk-dev
mailing list