INVITE of Death: Difference between revisions

From Wikipedia, the free encyclopedia
Fixed spelling and some other computer related errors.
Revision as of 20:52, 25 September 2010

An INVITE of Death is a type of attack on a VoIP system that involves sending a malformed or otherwise malicious SIP INVITE request to a telephony server, causing that server to crash. Because telephony is usually a critical application, this damage causes significant uproar amongst the users and poses tremendous acceptance problems with VoIP. Attacks of this kind do not necessarily affect only SIP-based systems; all implementations with vulnerabilities in the VoIP area are affected. However, sending INVITE packets is the most popular way of attacking telephony systems.[1]

The name is a reference to the ping of death attack that caused serious trouble in 1995-1997.

The DoS attack can also be carried in messages other than INVITE. For example, in December 2007 there was a report about a vulnerability in the BYE message ("BYE BYE") that was triggered by an obsolete header named "Also".[2]

VoIP Servers (INVITE of Death)

The "INVITE of Death" vulnerability was discovered on 16 February 2009.[3] The vulnerability allows the attacker to crash the server, causing a remote Denial of Service (DoS), by sending a single malformed packet. Using a malformed packet, an impersonator can overflow specific string buffers, add a large number of token characters, and modify fields in an illegal fashion. As a result, the server is tricked into reaching an undefined state, which can lead to call processing delays, unauthorized access, and a complete denial of service. The problem specifically exists in OpenSBC version 1.1.5-25, in the handling of the “Via” field of a maliciously crafted SIP packet.[4]

For the popular, open source-based Asterisk PBX there are security advisories that cover not only signaling-related problems, but also problems with other protocols and their resolution.[5] Problems may be malformed SDP attachments in which codec numbers are out of the valid range, or obsolete headers like the “Also” header.

The INVITE of Death is specifically a problem for operators that run their servers on the public Internet. Because SIP allows the use of UDP packets, it is easy for an attacker to spoof any source address on the Internet and send the INVITE of Death from untraceable locations. By sending these kinds of requests periodically, attackers can completely interrupt the telephony service. The only choice for the service provider is to upgrade their systems until the attack no longer crashes the system.
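The malformations described above (oversized or token-stuffed Via fields, the obsolete "Also" header, out-of-range SDP codec numbers, empty packets) can be screened for before a request reaches the SIP stack. The following is an added example, not code from OpenSBC, Asterisk or the article; the function name `screen_sip`, the size limits and the sample request are assumptions made for illustration.

```python
import re

# Limits are illustrative assumptions, not values taken from any SIP stack.
MAX_MESSAGE, MAX_HEADER_LINE, MAX_VIA = 8192, 1024, 16
OBSOLETE_HEADERS = {"also"}
REQUEST_LINE = re.compile(r"[A-Z]+ \S+ SIP/2\.0")
VIA_HOP = re.compile(r"SIP\s*/\s*2\.0\s*/\s*\w+\s+[\w.\-\[\]:]+"
                     r"(\s*;\s*[\w\-]+(=[\w.\-\[\]:]+)?)*")
RTP_MEDIA = re.compile(r"^m=\S+ \d+ RTP/\S+ (.*)$", re.M)

def screen_sip(raw: bytes) -> list:
    """Return reasons to drop a SIP request; an empty list means pass it on."""
    if not raw.strip():
        return ["empty packet"]
    if len(raw) > MAX_MESSAGE:
        return ["message too large"]
    head, _, body = raw.decode("latin-1").partition("\r\n\r\n")
    lines = head.split("\r\n")
    reasons, vias = [], 0
    if not REQUEST_LINE.fullmatch(lines[0]):
        reasons.append("bad request line")
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if not sep or len(line) > MAX_HEADER_LINE:
            # Folded continuation lines are also refused: a strict choice.
            reasons.append("malformed or oversized header")
        elif name in OBSOLETE_HEADERS:
            reasons.append("obsolete header: " + name)
        elif name in ("via", "v"):
            for hop in value.split(","):
                vias += 1
                if not VIA_HOP.fullmatch(hop.strip()):
                    reasons.append("malformed Via")
    if not 1 <= vias <= MAX_VIA:
        reasons.append("bad Via count")
    for media in RTP_MEDIA.finditer(body):
        for pt in media.group(1).split():
            # RTP payload types are 7-bit; cap the length before int().
            if not re.fullmatch(r"[0-9]{1,3}", pt) or int(pt) > 127:
                reasons.append("SDP payload type out of range")
    return reasons

# Constructed sample request for illustration.
SAMPLE = (b"INVITE sip:bob@example.com SIP/2.0\r\n"
          b"Via: SIP/2.0/UDP pc33.example.com;branch=z9hG4bK776asdhds\r\n"
          b"To: <sip:bob@example.com>\r\n\r\n"
          b"v=0\r\nm=audio 49170 RTP/AVP 0 8 97\r\n")

if __name__ == "__main__":
    print(screen_sip(SAMPLE))
```

A screen like this reduces exposure while a fix is pending; it does not replace upgrading the affected server.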

VoIP phones

A large number of vulnerabilities exist for VoIP phones. The attacks range from very simple ones, such as sending an empty packet to the phone, to sequences that require up to ten packets to attack a phone.

DoS attacks on VoIP phones are less critical than attacks on central devices like an IP-PBX. Usually only the endpoint is affected. However, when systematic attacks are in place, the whole set of phones may become unusable. Therefore, VoIP phones should receive the same attention as the IP-PBX.

References