Submit Search
Upload
Trapezoidal VoIP is Evil
•
Download as PPT, PDF
•
0 likes
•
861 views
Aswath Rao
Follow
Presented to VoIP Users Conference on 9/11/2009
Read less
Read more
Technology
Entertainment & Humor
Report
Share
Report
Share
1 of 30
Download now
Recommended
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
Juan De Bravo
Violent python
Violent python
Xatierlike Lee
Ffonio next gen communication tool for care givers
Ffonio next gen communication tool for care givers
Aswath Rao
Sinnreich Henry Johnston Alan Pt 3
Sinnreich Henry Johnston Alan Pt 3
Carl Ford
WebRTC - a quick introduction
WebRTC - a quick introduction
Olle E Johansson
Wifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and Drink
SecurityTube.Net
Lync 2010 deep dive edge
Lync 2010 deep dive edge
Harold Wong
IPv6 SenD
IPv6 SenD
rabdoul
Recommended
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
Juan De Bravo
Violent python
Violent python
Xatierlike Lee
Ffonio next gen communication tool for care givers
Ffonio next gen communication tool for care givers
Aswath Rao
Sinnreich Henry Johnston Alan Pt 3
Sinnreich Henry Johnston Alan Pt 3
Carl Ford
WebRTC - a quick introduction
WebRTC - a quick introduction
Olle E Johansson
Wifi Security, or Descending into Depression and Drink
Wifi Security, or Descending into Depression and Drink
SecurityTube.Net
Lync 2010 deep dive edge
Lync 2010 deep dive edge
Harold Wong
IPv6 SenD
IPv6 SenD
rabdoul
IPv6 enterprise security - The NAT Returns
IPv6 enterprise security - The NAT Returns
Sanjeev Gupta
Rob "Mubix" Fuller: Attacker Ghost Stories
Rob "Mubix" Fuller: Attacker Ghost Stories
Area41
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Rob Fuller
OAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for Microservices
Twobo Technologies
JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st Century
Gnu Alsonative
JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st Century
Gnu Alsonative
WebRTC Integration from Tim Panton
WebRTC Integration from Tim Panton
Alan Quayle
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
Siena Perry
Practical webRTC - from API to Solution - webRTC Summit 2014 @ NYC
Practical webRTC - from API to Solution - webRTC Summit 2014 @ NYC
Alexandre Gouaillard
AusNOG 2016 - The Trouble with NAT
AusNOG 2016 - The Trouble with NAT
Mark Smith
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
Sandro Gauci
V.P.N And Proxy server
V.P.N And Proxy server
Essa Al-Owayyid
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
ir. Carmelo Zaccone
Westhawk integration
Westhawk integration
Tim Panton
Nat
Nat
Humaira Saleem
Ad-Hoc Networking in Linux with Avahi
Ad-Hoc Networking in Linux with Avahi
sinchume
Jingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIP
mattjive
Os Tucker
Os Tucker
oscon2007
Webrtc overview
Webrtc overview
Olle E Johansson
Enthinnai a social enterprise app
Enthinnai a social enterprise app
Aswath Rao
WebRTC-enabled Twitter
WebRTC-enabled Twitter
Aswath Rao
More Related Content
Similar to Trapezoidal VoIP is Evil
IPv6 enterprise security - The NAT Returns
IPv6 enterprise security - The NAT Returns
Sanjeev Gupta
Rob "Mubix" Fuller: Attacker Ghost Stories
Rob "Mubix" Fuller: Attacker Ghost Stories
Area41
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Rob Fuller
OAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for Microservices
Twobo Technologies
JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st Century
Gnu Alsonative
JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st Century
Gnu Alsonative
WebRTC Integration from Tim Panton
WebRTC Integration from Tim Panton
Alan Quayle
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
Siena Perry
Practical webRTC - from API to Solution - webRTC Summit 2014 @ NYC
Practical webRTC - from API to Solution - webRTC Summit 2014 @ NYC
Alexandre Gouaillard
AusNOG 2016 - The Trouble with NAT
AusNOG 2016 - The Trouble with NAT
Mark Smith
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
Sandro Gauci
V.P.N And Proxy server
V.P.N And Proxy server
Essa Al-Owayyid
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
ir. Carmelo Zaccone
Westhawk integration
Westhawk integration
Tim Panton
Nat
Nat
Humaira Saleem
Ad-Hoc Networking in Linux with Avahi
Ad-Hoc Networking in Linux with Avahi
sinchume
Jingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIP
mattjive
Os Tucker
Os Tucker
oscon2007
Webrtc overview
Webrtc overview
Olle E Johansson
Similar to Trapezoidal VoIP is Evil
(20)
IPv6 enterprise security - The NAT Returns
IPv6 enterprise security - The NAT Returns
Rob "Mubix" Fuller: Attacker Ghost Stories
Rob "Mubix" Fuller: Attacker Ghost Stories
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
OAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for Microservices
JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st Century
JmDNS : Service Discovery for the 21st Century
WebRTC Integration from Tim Panton
WebRTC Integration from Tim Panton
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
APNIC Hackathon IPv4 & IPv6 security & threat comparisons
Practical webRTC - from API to Solution - webRTC Summit 2014 @ NYC
Practical webRTC - from API to Solution - webRTC Summit 2014 @ NYC
AusNOG 2016 - The Trouble with NAT
AusNOG 2016 - The Trouble with NAT
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
CommCon 2023 - WebRTC & Video Delivery application security - what could poss...
V.P.N And Proxy server
V.P.N And Proxy server
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Westhawk integration
Westhawk integration
Nat
Nat
Ad-Hoc Networking in Linux with Avahi
Ad-Hoc Networking in Linux with Avahi
Jingle: Cutting Edge VoIP
Jingle: Cutting Edge VoIP
Os Tucker
Os Tucker
Webrtc overview
Webrtc overview
More from Aswath Rao
Enthinnai a social enterprise app
Enthinnai a social enterprise app
Aswath Rao
WebRTC-enabled Twitter
WebRTC-enabled Twitter
Aswath Rao
You can run your own facebook
You can run your own facebook
Aswath Rao
UC in the cloud
UC in the cloud
Aswath Rao
An overview of cloud offering
An overview of cloud offering
Aswath Rao
Carriers own brand_ott_social_sharing_service
Carriers own brand_ott_social_sharing_service
Aswath Rao
Aswath Rao VON.x Spring 2008 Talk
Aswath Rao VON.x Spring 2008 Talk
Aswath Rao
TMC Talk 11092007
TMC Talk 11092007
Aswath Rao
User-centric Social Network
User-centric Social Network
Aswath Rao
More from Aswath Rao
(9)
Enthinnai a social enterprise app
Enthinnai a social enterprise app
WebRTC-enabled Twitter
WebRTC-enabled Twitter
You can run your own facebook
You can run your own facebook
UC in the cloud
UC in the cloud
An overview of cloud offering
An overview of cloud offering
Carriers own brand_ott_social_sharing_service
Carriers own brand_ott_social_sharing_service
Aswath Rao VON.x Spring 2008 Talk
Aswath Rao VON.x Spring 2008 Talk
TMC Talk 11092007
TMC Talk 11092007
User-centric Social Network
User-centric Social Network
Recently uploaded
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
LoriGlavin3
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
LoriGlavin3
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
marketing932765
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
Neo4j
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
Kaya Weers
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
panagenda
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
Hiroshi SHIBATA
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
LoriGlavin3
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
Bernd Ruecker
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
BookNet Canada
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
LoriGlavin3
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
Farhan Tariq
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
Knoldus Inc.
A Framework for Development in the AI Age
A Framework for Development in the AI Age
Cprime
How to write a Business Continuity Plan
How to write a Business Continuity Plan
Databarracks
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
Nathaniel Shimoni
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
IES VE
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
LoriGlavin3
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
LoriGlavin3
Recently uploaded
(20)
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
A Framework for Development in the AI Age
A Framework for Development in the AI Age
How to write a Business Continuity Plan
How to write a Business Continuity Plan
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Trapezoidal VoIP is Evil
1.
Trapezoidal VoIP is
Evil Aswath Rao www.enthinnai.com VoIP Users Conference 9/11/2009
2.
Trapezoid SIP? A’s
UA B’s Proxy A’s Proxy B’s UA STP message flow RTP flow
3.
Originator’s Proxy is
called Outbound Proxy (evil!)
4.
Yes, it provides
authentication (though unreliable)
5.
A needs
to have a service provider
6.
The two providers
must agree to federate
7.
Akin to ISPs
requiring HTTP Proxy
8.
Security needs may
require it
9.
Otherwise undesirable
10.
Authentication?
11.
OpenID is an
answer Everybody (almost) has it
12.
Let us turn
to B’s Proxy
13.
B’s Proxy is
required
14.
Discovery Dynamic DNS
is a possibility. But how to handle white/black lists?
15.
NAT/FW Traversal
16.
Triangle is a
fact of life
17.
But B’s Proxy
could be a self-hosted server
18.
Putting it all
together …
19.
A uses OpenID
to autheticate herself
20.
B’s Proxy uses
white/black list
21.
Use of ICE
for NAT/FW traversal
22.
But common servers
must be able to run Proxy/ICE SW
23.
EnThinnai is a
realization of these objectives
24.
EnThinnai is an
UC platform
25.
Presence
26.
Text/voice chat Exclusive
use of Speex
27.
Sharing of Digital
information
28.
Permissions based
29.
Minimal client requirement
– Java enabled browser
30.
Minimal server requirement
Download now