@techreport{zourzouvillys-sip-via-cookie-02,
    number =    {draft-zourzouvillys-sip-via-cookie-02},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-zourzouvillys-sip-via-cookie/02/},
    author =    {Theo Zourzouvillys},
    title =     {{Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Servers}},
    pagetotal = 20,
    year =      2009,
    month =     mar,
    day =       2,
    abstract =  {This document addresses a vulnerability in publicly accessible SIP servers (servers includes both UASes and proxies) that enables them to be used as an amplifier in an untracable reflected denial of service attack. The amplification ratio is between 1:10 to over 1:350 in both packets and bytes. As a proposed solution, a mechanism for stateless cookie exchange between a SIP server and client to ensure that a public SIP server that wishes to accept SIP requests from hosts over datagram can not be used as an amplifier for a denial of service attack. This brings SIP over datagram transports (such as UDP) in line with TCP in terms of routability to the source IP address.},
}