[VOIPSEC] RTP-borne virus examples?

Christopher A. Martin chris at InfraVAST.com
Fri Dec 2 22:00:40 CST 2005


This is merely theoretical, but, using SIP as an example, one could 
develop a soft client app that could utilize SIP, following all of the 
rules, to trigger the installation of payload data into a virus, for 
instance transmit a .bmp or .exe via file transfer over SIP (instant 
messaging), which could use what would look like valid RTP traffic for 
the actual conduit, couldn't they? This could be for the purpose of 
intrusion, information gathering, or propagation of a backdoor program.

I don't think this is infeasible; it would be just another method of 
blended threats.

I already know that transmitting unexpected data toward VoIP agents over 
UDP can cause DoS, so there is another issue.

Chris

Martyn Davies wrote:

>I'm with Scott Berkman on this.  I can imagine that you could malform an
>RTP packet to crash a phone (or gateway).   But to break the code in
>such a way that the payload ends up being executed as code?  These
>opportunities will be far and few between.  It seems to me also that
>because RTP packets travel unreliably (on UDP), this would be an
>inefficient way to deliver a virus, since the packet could get lost
>along the way and never even reach destination.
>
>Regards, Martyn
>
>------------------------------------------------------------------------
>----------------------------------------
>Martyn Davies
>Principal Consultant
>
>Eicon Networks
>Kings Chase
>107-123 King Street
>Maidenhead
>Berkshire
>SL6 1DP
>
>Tel:       01628 641 770
>Direct:  01628 641 790 x 210
>Fax:      01628 641 780
>Mobile:  07881 908 381


