[VoiceOps] SIP stack attacks

Paul Tiplady symmetricone at gmail.com
Wed Sep 7 18:15:38 EDT 2011

Has anyone seen or heard of SIP stack attacks (e.g. stack difference or
stack fingerprinting) being used in the wild?

http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Scholz.pdf talks
very briefly about the possibility of using implementation bugs in an
attack. It seems to me that the most likely effect of such an attack would
be to crash the SIP process on the UA (DoS), but authentication bypassing
could also be possible if the attacker got lucky. If such an attack is
possible (a big 'if'), I suspect it would be very hard to execute; the risk
from such attacks appears low.

To put this into context, I'm wondering how paranoid to be when configuring
my Acme Packet SBC. It's possible to blacklist any endpoint which sends
malformed SIP messages, but that seems like a bit of an overreaction.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20110907/8ee8417a/attachment.html>

More information about the VoiceOps mailing list