Security Incidents mailing list archives

Re: SIP based attacks??


From: "Jay D. Dyson" <jdyson () treachery net>
Date: Fri, 3 Dec 2004 10:13:59 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 3 Dec 2004, Mark Teicher wrote:

> Has anyone observed SIP network based exploits such as:
>
> Malformed SIP Message attacks
> SIP register flooding attacks
> Injection of unauthorized RTP session attacks
> DDOS into existing RTP Flow attacks
> RTP session hijacking attacks
>
> in a live production network not just simulation?

Last I saw, the Session Initiation Protocol (SIP) was being championed exclusively by Microsoft and everyone else was using the IETF standard XMPP. Moreover, most of the Microsoft SIP products were -- last time I looked -- hardly what you'd call ready for prime-time.

Heck, 99.9% of the literature I've seen on SIP is little but a valentine that Microsoft wrote to itself. And I'm being nice here.

The most recent news on the subject that I've seen indicated that Microsoft planned a release on December 1st for the latest version of its server software which (and I quote) "aims to give companies more secure instant messaging and other corporate communications tools."

*ahem* Microsoft offering a "secure" service? That'll be a refreshing change from the usual MS-malware fare.

- -Jay

   (    (                                                        _______
   ))   ))   .-"There's always time for a good cup of coffee"-.   >====<--.
 C|~~|C|~~| (>----- Jay D. Dyson -- jdyson () treachery net -----<) |    = |-'
  `--' `--'  `---- Doves fly in flocks.  Eagles fly solo. ----'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFBsKzsBYoRACwSF0cRAjXcAJ91bMTy1Vfy8zECuHmP6Rb3usQ7YwCgqQGv
082LrVqg6wdkCuMqLWa8OCk=
=ftmn
-----END PGP SIGNATURE-----

