Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Servers
draft-zourzouvillys-sip-via-cookie-02
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Author | Theo Zourzouvillys | ||
| Last updated | 2009-03-02 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document addresses a vulnerability in publicly accessible SIP servers (servers includes both UASes and proxies) that enables them to be used as an amplifier in an untracable reflected denial of service attack. The amplification ratio is between 1:10 to over 1:350 in both packets and bytes. As a proposed solution, a mechanism for stateless cookie exchange between a SIP server and client to ensure that a public SIP server that wishes to accept SIP requests from hosts over datagram can not be used as an amplifier for a denial of service attack. This brings SIP over datagram transports (such as UDP) in line with TCP in terms of routability to the source IP address.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)