Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com>, sip mailing list <firstname.lastname@example.org>, sip chair <email@example.com> Subject: Protocol Action: 'Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies' to Proposed Standard The IESG has approved the following document: - 'Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies ' <draft-ietf-sip-fork-loop-fix-09.txt> as a Proposed Standard This document is the product of the Session Initiation Protocol Working Group. The IESG contact persons are Cullen Jennings and Jon Peterson. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-sip-fork-loop-fix-09.txt
Technical Summary This document normatively updates RFC 3261, the Session Initiation Protocol (SIP), to address a security vulnerability identified in SIP proxy behavior. This vulnerability enables an attack against SIP networks where a small number of legitimate, even authorized, SIP requests can stimulate massive amounts of proxy-to-proxy traffic. This document strengthens loop-detection requirements on SIP proxies when they fork requests (that is, forward a request to more than one destination). It also corrects and clarifies the description of the loop-detection algorithm such proxies are required to implement. Working Group Summary The document was produced by the SIP working group. There is consensus in the WG to publish this document. Document Quality The document has been produced as a result of an issue identified during SIPit interoperability testing.