Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: SIP based attacks??

From: "Jeremiah Cornelius" <jeremiah () nur net>
Date: Fri, 3 Dec 2004 11:30:02 -0800
      Last I saw, the Session Initiation Protocol (SIP) was 
being championed exclusively by Microsoft and everyone else 
was using the IETF standard XMPP. 


This is a Joke, right?  I am unsure how a comment so lacking in accuracy
or even informational content passed moderation!  Nothing is actually
contributed to the requestor's interest in _known_attacks_ on a
widely-deployed, standard technology.

SIP, Session Initiation Protocol, is described as an IETF RFC 3261.
Draft participants include Avaya, Ericsson and AT&T - not Microsoft!
http://www.ietf.org/rfc/rfc3261.txt

SIP is an Internet-style plain-text protocol, described as analogous to
SMTP and HTTP.  The IETF charter for the SIP Working Group, with links
to all relevant RFCs, is here for review:
http://www.ietf.org/html.charters/sip-charter.html

Products incorporating the SIP protocol are extensively catalogued -
vendors include: 
AT&T, Lucent, Cisco, Ericsson, Nortel.  MS is not even represented in
this inventory:
http://www.pulver.com/products/sip/

Until very recently, Microsoft was a backer of an earlier, inferior
rival to SIP- the H.323 protocol.  This is evidenced in the NetMeeting
software, which MS is currently deprecating in favor of SIP-enabling MS
Messenger and Live Communications Server.

--
Jeremiah Cornelius
CISSP CCNA MCSE+Sec


-----Original Message-----
From: Jay D. Dyson [mailto:jdyson () treachery net] 
Sent: Friday, December 03, 2004 10:14 AM
To: Incidents List
Subject: Re: SIP based attacks??

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 3 Dec 2004, Mark Teicher wrote:


Has anyone observed SIP network based exploits such as:

Malformed SIP Message attacks
SIP register flooding attacks
Injection of unauthorized RTP session attacks DDOS into 

existing RTP 

Flow attacks RTP session hijacking attacks

in a live production network not just simulation?


      Last I saw, the Session Initiation Protocol (SIP) was 
being championed exclusively by Microsoft and everyone else 
was using the IETF standard XMPP.  Moreover, most of the 
Microsoft SIP products were -- last time I looked -- hardly 
what you'd call ready for prime-time.

      Heck, 99.9% of the literature I've seen on SIP is 
little but a valentine that Microsoft wrote to itself.  And 
I'm being nice here.

      The most recent news on the subject that I've seen 
indicated that Microsoft planned a release on December 1st 
for the latest version of its server software which (and I 
quote) "aims to give companies more secure instant messaging 
and other corporate communications tools."

      *ahem*  Microsoft offering a "secure" service?  That'll 
be a refreshing change from the usual MS-malware fare.

- -Jay

    (    (                                                    
    _______
    ))   ))   .-"There's always time for a good cup of 
coffee"-.   >====<--.
  C|~~|C|~~| (>----- Jay D. Dyson -- jdyson () treachery net 
-----<) |    = |-'
   `--' `--'  `---- Doves fly in flocks.  Eagles fly solo. 
----'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFBsKzsBYoRACwSF0cRAjXcAJ91bMTy1Vfy8zECuHmP6Rb3usQ7YwCgqQGv
082LrVqg6wdkCuMqLWa8OCk=
=ftmn
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: