Re: SIP based attacks??

From: Jay D. Dyson (jdyson_at_treachery.net)
Date: 12/03/04

    Date: Fri, 3 Dec 2004 10:13:59 -0800 (PST)
    To: Incidents List <incidents@securityfocus.com>
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Fri, 3 Dec 2004, Mark Teicher wrote:

    > Has anyone observed SIP network based exploits such as:
    >
    > Malformed SIP Message attacks
    > SIP register flooding attacks
    > Injection of unauthorized RTP session attacks
    > DDOS into existing RTP Flow attacks
    > RTP session hijacking attacks
    >
    > in a live production network not just simulation?

             Last I saw, the Session Initiation Protocol (SIP) was being
    championed exclusively by Microsoft and everyone else was using the IETF
    standard XMPP. Moreover, most of the Microsoft SIP products were -- last
    time I looked -- hardly what you'd call ready for prime-time.

             Heck, 99.9% of the literature I've seen on SIP is little but a
    valentine that Microsoft wrote to itself. And I'm being nice here.

             The most recent news on the subject that I've seen indicated that
    Microsoft planned a release on December 1st for the latest version of its
    server software which (and I quote) "aims to give companies more secure
    instant messaging and other corporate communications tools."

             *ahem* Microsoft offering a "secure" service? That'll be a
    refreshing change from the usual MS-malware fare.

    - -Jay

        ( ( _______
        )) )) .-"There's always time for a good cup of coffee"-. >====<--.
      C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@treachery.net -----<) | = |-'
       `--' `--' `---- Doves fly in flocks. Eagles fly solo. ----' `------'

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.6 (TreacherOS)
    Comment: See http://www.treachery.net/~jdyson/ for current keys.

    iD8DBQFBsKzsBYoRACwSF0cRAjXcAJ91bMTy1Vfy8zECuHmP6Rb3usQ7YwCgqQGv
    082LrVqg6wdkCuMqLWa8OCk=
    =ftmn
    -----END PGP SIGNATURE-----

