Security Incidents mailing list archives
RE: SIP based attacks??
From: "Jeremiah Cornelius" <jeremiah () nur net>
Date: Fri, 3 Dec 2004 11:30:02 -0800
Last I saw, the Session Initiation Protocol (SIP) was being championed exclusively by Microsoft and everyone else was using the IETF standard XMPP.
This is a Joke, right? I am unsure how a comment so lacking in accuracy or even informational content passed moderation! Nothing is actually contributed to the requestor's interest in _known_attacks_ on a widely-deployed, standard technology. SIP, Session Initiation Protocol, is described as an IETF RFC 3261. Draft participants include Avaya, Ericsson and AT&T - not Microsoft! http://www.ietf.org/rfc/rfc3261.txt SIP is an Internet-style plain-text protocol, described as analogous to SMTP and HTTP. The IETF charter for the SIP Working Group, with links to all relevant RFCs, is here for review: http://www.ietf.org/html.charters/sip-charter.html Products incorporating the SIP protocol are extensively catalogued - vendors include: AT&T, Lucent, Cisco, Ericsson, Nortel. MS is not even represented in this inventory: http://www.pulver.com/products/sip/ Until very recently, Microsoft was a backer of an earlier, inferior rival to SIP- the H.323 protocol. This is evidenced in the NetMeeting software, which MS is currently deprecating in favor of SIP-enabling MS Messenger and Live Communications Server. -- Jeremiah Cornelius CISSP CCNA MCSE+Sec
-----Original Message----- From: Jay D. Dyson [mailto:jdyson () treachery net] Sent: Friday, December 03, 2004 10:14 AM To: Incidents List Subject: Re: SIP based attacks?? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 3 Dec 2004, Mark Teicher wrote:Has anyone observed SIP network based exploits such as: Malformed SIP Message attacks SIP register flooding attacks Injection of unauthorized RTP session attacks DDOS intoexisting RTPFlow attacks RTP session hijacking attacks in a live production network not just simulation?Last I saw, the Session Initiation Protocol (SIP) was being championed exclusively by Microsoft and everyone else was using the IETF standard XMPP. Moreover, most of the Microsoft SIP products were -- last time I looked -- hardly what you'd call ready for prime-time. Heck, 99.9% of the literature I've seen on SIP is little but a valentine that Microsoft wrote to itself. And I'm being nice here. The most recent news on the subject that I've seen indicated that Microsoft planned a release on December 1st for the latest version of its server software which (and I quote) "aims to give companies more secure instant messaging and other corporate communications tools." *ahem* Microsoft offering a "secure" service? That'll be a refreshing change from the usual MS-malware fare. - -Jay ( ( _______ )) )) .-"There's always time for a good cup of coffee"-. >====<--. C|~~|C|~~| (>----- Jay D. Dyson -- jdyson () treachery net -----<) | = |-' `--' `--' `---- Doves fly in flocks. Eagles fly solo. ----' `------' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (TreacherOS) Comment: See http://www.treachery.net/~jdyson/ for current keys. iD8DBQFBsKzsBYoRACwSF0cRAjXcAJ91bMTy1Vfy8zECuHmP6Rb3usQ7YwCgqQGv 082LrVqg6wdkCuMqLWa8OCk= =ftmn -----END PGP SIGNATURE-----
Current thread:
- SIP based attacks?? Mark Teicher (Dec 03)
- Re: SIP based attacks?? Jay D. Dyson (Dec 03)
- <Possible follow-ups>
- RE: SIP based attacks?? Jeremiah Cornelius (Dec 03)