VoIP-SIP Security DoS using SIP FAILURE (4xx) messages

This attack uses SIP request failure messages (4xx), which normally signal an error, to prevent a call from being established. 4xx responses are normally final answers from the server, and the client shouldn’t retry the same request without modifying it.

The attacker listens to the network for a SIP request between the participants (an INVITE message is the best candidate). After analysing the message to extract the context and information on the communication, he can forge a false 404 (Not Found), 410 (Gone) or any other 4xx response, and send it to the caller before a valid answer to the initial SIP message can be sent.
The attacker has then succeeded in his goal: not only has the call not gone through, but the caller is also informed of a fictional problem on the other side.
It should be noted that similar attacks can be carried out with 5xx (server failure) or 6xx (global failure) messages.
The attacker must be able to listen to the network traffic and identify SIP messages.
The attacker must also be able to send the CANCEL message to the target before the reply to the INVITE has been received.
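A detection heuristic for the race described above, as an added example that is not part of the original post: because the forged failure has to arrive before the valid answer, a monitor on the caller's side can flag any transaction (same Call-ID, CSeq and top Via branch) where a 4xx/5xx/6xx response is later contradicted by a different status. The function names and the sample messages are constructed for illustration, and the sketch assumes responses are seen in arrival order, that the genuine reply still reaches the caller, and that header lines are not folded.

```python
import re
COMPACT = {"v": "via", "i": "call-id"}  # RFC 3261 compact header names

def parse_response(raw):
    """Return (status, transaction_key) for a SIP response, else None."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = re.match(r"SIP/2\.0 (\d{3}) ", head[0] + " ")
    if not m:
        return None  # a request or garbage, not a response
    hdrs = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            name = name.strip().lower()
            hdrs.setdefault(COMPACT.get(name, name), value.strip())  # first Via = topmost
    branch = re.search(r";\s*branch=([^;,\s]+)", hdrs.get("via", ""))
    if not (branch and "call-id" in hdrs and "cseq" in hdrs):
        return None
    key = (hdrs["call-id"], " ".join(hdrs["cseq"].split()), branch.group(1))
    return int(m.group(1)), key

def find_conflicts(responses):
    """Flag transactions where a failure is followed by a different status."""
    first_failure, alerts = {}, []
    for raw in responses:
        parsed = parse_response(raw)
        if parsed is None:
            continue
        status, key = parsed
        if key in first_failure:
            if status != first_failure[key]:  # same status = retransmission
                alerts.append((key[0], first_failure[key], status))
        elif status >= 400:
            first_failure[key] = status
    return alerts

def _resp(status, reason, call_id, branch):  # builds constructed test traffic
    return (f"SIP/2.0 {status} {reason}\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.10:5060;branch={branch}\r\n"
            f"Call-ID: {call_id}\r\nCSeq: 1 INVITE\r\n\r\n")

SAMPLE = [  # constructed responses, in the order the caller received them
    _resp(404, "Not Found", "call-1@192.0.2.10", "z9hG4bKa1"),
    _resp(486, "Busy Here", "call-2@192.0.2.10", "z9hG4bKb2"),
    _resp(180, "Ringing", "call-1@192.0.2.10", "z9hG4bKa1"),  # contradicts 404
    _resp(486, "Busy Here", "call-2@192.0.2.10", "z9hG4bKb2"),  # retransmit
    _resp(200, "OK", "call-3@192.0.2.10", "z9hG4bKc3"),
]

print(find_conflicts(SAMPLE))
```

An alert is a lead to correlate with proxy logs rather than proof of forgery, since UDP reordering can also deliver responses out of sequence.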
Read more: http://www.vadese.org/files/upload/Best_practices_VoIP_en_v20.pdf


Wiki Voip And Fax Tutorials Copyright © 2010 Labloub