[VOIPSEC] Actual Attacks - UA handling
Mark Teicher
mht3 at earthlink.net
Mon Mar 7 18:47:46 GMT 2005
Some IP phones are more susceptible to RTP based attacks, some IP phones would go into a soft boot mode cycle, as if they were trying to recover but couldn't the buffers were still processing RTP packets and then when all the RTP packets were processed. Even the media gateways seem to get shaken a bit when oversize RTP packets are sent.
-----Original Message-----
From: Mark Collier <mark.collier at securelogix.com>
Sent: Mar 7, 2005 12:11 PM
To: "'Voipsec at voipsa.org'" <Voipsec at voipsa.org>
Subject: Re: [VOIPSEC] Actual Attacks - UA handling
Mark/Ari,
In our testing, we also found various SIP phone UAs to be very susceptible
to
RTP-based attacks. Some UAs did not check sequence numbers, so audio
could be inserted by sending RTP to active media ports. Also, a few of the
UAs could not handle large (1400 byte) RTP packets sent to ANY active
port. These phones crashed and had to be manually rebooted.
Mark D. Collier
Chief Technology Officer
mark.collier at securelogix.com
(210) 402-9669
(210) 863-9001
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list