VoIP-SIP Security: Denial of Service (DoS) using SIP CANCEL messages

The CANCEL message is normally used by a phone to cancel its own previous request, but this attack uses it to stop an incoming call to a specific phone or an outgoing call from it.

The attacker must listen to the network to intercept a message between hosts, usually an INVITE message if a DoS is intended. After analysing the message to get enough information about its context (Call-ID, Via branch, From/To tags and CSeq), the attacker can craft a false CANCEL message and send it to cancel the INVITE.
The phone call is thus prevented, and the attack succeeds. It is important to note that a CANCEL has no effect if the call has already been accepted. However, since an INVITE takes some time to be accepted (the receiver has to pick up), the attacker has enough time to analyse the INVITE and send the forged CANCEL.

Preconditions: the attacker must be able to listen to the network traffic and identify SIP messages, and must be able to deliver the CANCEL to the target after the INVITE has been sent but before it is answered.
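One way for a monitoring probe or SBC to spot such forged CANCELs is to track pending INVITE transactions and check that each CANCEL matches the INVITE it claims to cancel (RFC 3261 requires the same Call-ID and top Via branch) and arrives from the same source address. The following detector is an added example, not code from the original page or the referenced document; the SIP messages and IP addresses in it are constructed, and the real-traffic capture it would be fed from is assumed to exist elsewhere.

```python
"""Detect spoofed SIP CANCEL messages against pending INVITE transactions."""
from typing import Dict, Optional, Tuple

def parse_sip(raw: str) -> dict:
    """Split a SIP request into its method and a lower-cased header map."""
    lines = raw.strip().splitlines()
    method = lines[0].split()[0]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "headers": headers}

def via_branch(headers: Dict[str, str]) -> Optional[str]:
    """Return the branch parameter of the top Via header, if present."""
    for param in headers.get("via", "").split(";")[1:]:
        param = param.strip()
        if param.lower().startswith("branch="):
            return param[len("branch="):]
    return None

class CancelMonitor:
    """Tracks INVITEs per Call-ID and flags CANCELs that do not match them."""
    def __init__(self) -> None:
        self.pending: Dict[str, Tuple[Optional[str], str]] = {}

    def observe(self, src_ip: str, raw: str) -> Optional[str]:
        """Feed one observed SIP message; return an alert string or None."""
        msg = parse_sip(raw)
        headers, call_id = msg["headers"], msg["headers"].get("call-id", "")
        if msg["method"] == "INVITE":
            self.pending[call_id] = (via_branch(headers), src_ip)
        elif msg["method"] == "CANCEL":
            if call_id not in self.pending:
                return "CANCEL for unknown INVITE transaction"
            branch, inv_src = self.pending[call_id]
            if via_branch(headers) != branch:
                return "CANCEL Via branch does not match INVITE (RFC 3261 9.1)"
            if src_ip != inv_src:
                return "CANCEL source address differs from INVITE source"
        return None

# Constructed sample traffic: a genuine INVITE, then a CANCEL from a third host.
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776asdhds\r\n"
          "Call-ID: a84b4c76e66710@10.0.0.5\r\nCSeq: 314159 INVITE\r\n")
FORGED = ("CANCEL sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776asdhds\r\n"
          "Call-ID: a84b4c76e66710@10.0.0.5\r\nCSeq: 314159 CANCEL\r\n")
```

A CANCEL that copies the INVITE's Call-ID and branch but arrives from a different host is the case described above; correlating source address with the transaction is what separates it from a legitimate cancellation.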

Read more: http://www.vadese.org/files/upload/Best_practices_VoIP_en_v20.pdf

