[VOIPSEC] Analysis of a VoIP Attack

[Jiri Kuthan]

I would add, that Tudor (cc) did analysis of the messages on iptel.org site
using the palladion facility. I think the most interesting conclusion we
have been able to make is that it was a really trivial attack and even
though the iptel.org request processing policy is quite liberal, it
denied all the requests on the grounds of not having a served domain
neither in from nor in to. I don't think it would be terribly difficult
to handcraft the SIP messages in a more penetrating way; if the
originator of the attack is on this mailing list, I will be glad to
explain in privacy why this didn't pose a security threat :)

-jiri