Bugtraq mailing list archives

[Mlabs] Scrutinising SIP Payloads : Traversing Attack Vectors in VOIP and IM


From: Aditya K Sood <zeroknock () secniche org>
Date: Wed, 19 Sep 2007 21:18:09 -0700

Hi

I have released core research paper on SIP comprising of Payload problems
and Attack vectors.

This research paper lays stress on the potential weaknesses present in
the SIP
which make it vulnerable to stringent attacks. The point of discussion is to
understand the weak spots in the protocol. The payloads constitute the
request vectors. The protocol inherits well defined security procedures and
implementation objects. The security model is hierarchical and is
diverged in
every working layer of SIP from top to bottom. SIP features can be exploited
easily if definitive attack base is subjugated. We will discuss about
inherited
flaws and methods to combat against predefined attacks. The payloads have
to be scrutinized at the network level. It is critical because payloads are
considered as infection bases to infect networks . The pros and cons will be
enumerated from security perspective.

You can download paper at:

http://mlabs.secniche.org/papers/Scruti_SIP_Payloads.pdf

Regards
Aks aka 0kn0ck


Current thread: