VoIP-SIP Security Re-INVITE / Session Replay – Mid Session tricks

This attack modifies the configuration of a call in eavesdrop or record it. The attacker needs to obtain an INVITE message by listening to the network. 
He can then introduce a forged INVITE message with modified parameters during the conversation. This can be exploited several ways, but one of them is to add a third person to do the eavesdropping or recording.
The attacker must be able to listen to SIP messages and insert forged ones.
References:
      RFC 3261 - SIP: Session Initiation Protocol
      http://www.vadese.org/files/upload/Best_practices_VoIP_en_v20.pdf

Related post



Newer Post Older Post

0 comments:

Post a Comment

 

Wiki Voip And Fax Tutorials Copyright © 2010 Labloub