[VOIPSEC] Evaluating DoS Attacks Against SIP-Based VoIP Systems
Dorgham Sisalem
sisalem at iptel.org
Tue Aug 18 10:23:49 BST 2009
Hi,
I agree that SIP is no longer what it was supposed to be at the
beginning: simple and nice to use. However, I do not believe that using
TLV would have changed much. A bad implementation will crash for one
reason or the other - a malformed header can surely be one reason, but
there are a thousand others. If developers do not bother to thoroughly
test their software, do interop testing and attend events like SIPit,
for example, they should not be surprised if their implementations crash
for one reason or the other.
Now discussing the usability of SIP. I do not see how using TLV would
have made the protocol simpler. SIP is not complex because it was
designed to be complex but because so many people decided that it is the
flavour of the decade and wanted to use it to do the same things they
got used to for so many years. Unfortunately I do not believe that if we
started all over again the result would be much different. The iPhone
Interface is still only available on iPhones, people who are used to
PSTN would still like to see PSTN features in any VoIP protocol, and so
many creative people would like to write tons of drafts showing how with
simple extensions one can build great new services and applications
(that could have been done much simpler and easier if SIP was not used).
Cheers
Geoff Devine wrote:
> I find that "INVITE of Death" captures the fundamental problem with SIP.
> In the good ol' days when men were men and protocols were Type-Length-Value,
> it was fairly straightforward to implement a protocol stack that didn't die
> a miserable death whenever it saw a new implementation or a malicious
> attack. You could easily write a pre-parser that rooted through the message
> looking for mandatory information elements and ensuring that the critical
> ones weren't malformed. That enabled robust and machine-efficient
> implementations that could actually be tested in a deterministic way.
>
> I always look at SIP and scratch my head. The mantra is "we are leveraging
> HTTP" and all o' that kind o' stuff. The problem is that HTTP is a
> completely different animal. The complexity of the protocol is
> intentionally very 1-way. Downstream, it's quite complex and typically
> interoperates very well with the dreaded Microsoft Internet Exploder
> implementations and not quite so well with all the other implementations.
> The complexity has created an anti-virus industry with mansions, exotic
> automobiles, and a plush Gulfstream V for the entrepreneurs who created
> solutions to the whole attack problem. Upstream, the protocol is quite
> simple and significantly less vulnerable to attack. SIP is a symmetric
> protocol with completely different behavior. It's damned tough to test a
> SIP stack into submission and Turing tells us it's theoretically impossible
> to know for sure whether it really works. I'm a Keep It Simple, Stupid
> kind-a engineer. KISS permeates everything I've built in my 30-year
> career. You just can't use SIP and "simple" in the same sentence.
>
> Since SIP is flavor-of-the-week for telecom protocols, we're stuck dealing
> with it. In a closed network, you pretty much have to assume that you have
> to bake any new implementation in an interop lab for a few months to shake
> out all the issues. When you deploy, you just cross your fingers and pray
> since there's no such thing as 100% test coverage with a protocol as complex
> as SIP. In an open network, you pretty much have to run a security
> mechanism like TLS or IPSec to approximate a closed network. "INVITE of
> Death" indeed captures the essence of the problem.
>
> I sure hope we do the great circle thing and the next flavor-of-the-week
> protocol ends up being a Type-Length-Value design. It will certainly save
> a lot of angst among a bajillion software engineers who have to cope with
> the disaster. It would also be quite nice if the protocol designers
> actually paid attention to all the requirements of the legacy telecom
> environment the next time around. The world doesn't need another IETF BLISS
> project to sort out the 50 different ways to do basic telephony things that
> have been around since IBM 029 key punch machines like basic key system
> emulation.
>
> Geoff
>
> -----Original Message-----
>
> From: zubair rafique <m_zubair_rafique at yahoo.com>
> Subject: [VOIPSEC] Fw: Evaluating DoS Attacks Against SIP-Based VoIP
> Systems (INVITE of Death)
>
>
>> Evaluating DoS Attacks Against SIP-Based VoIP Systems (INVITE of Death)
>> Paper accepted at IEEE-GLOBECOM 2009
>> http://www.nexginrc.org/~zubair.rafique/papers/globecomm-zubair.pdf
>>
>> In contrast, little work is done to analyze the robustness and reliability
>> of SIP servers under DoS attacks.
>>
>> M Zubair Rafique
>> nexGIN RC
>> http://www.nexginrc.org/~zubair.rafique/
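Added example, not part of the original thread or of any poster's code: a pre-parser of the kind the quoted message describes for Type-Length-Value protocols, which walks the element list with every read bounds-checked, confirms the mandatory information elements are present once each and well-formed, and skips unknown elements without interpreting them. The wire format (1-byte type, 2-byte big-endian length), the IE type codes, the length limit and the sample messages are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical wire format (assumed for this example): 1-byte type,
 * 2-byte big-endian length, value. Types 1..3 are the mandatory IEs. */
enum { IE_CALL_ID = 1, IE_FROM = 2, IE_TO = 3, IE_MAX_LEN = 256 };
#define IE_MANDATORY ((1u << IE_CALL_ID) | (1u << IE_FROM) | (1u << IE_TO))

enum pre_result { PRE_OK, PRE_TRUNCATED, PRE_BAD_LENGTH, PRE_DUPLICATE, PRE_MISSING };

/* Walk the element list without interpreting any value. Every read is
 * bounds-checked first, so the outcome is one of five fixed codes. */
enum pre_result tlv_precheck(const uint8_t *buf, size_t len)
{
    uint32_t seen = 0;
    size_t off = 0;

    while (off < len) {
        if (len - off < 3)
            return PRE_TRUNCATED;               /* header cut short */
        uint8_t type = buf[off];
        size_t vlen = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        off += 3;
        if (vlen > len - off)
            return PRE_TRUNCATED;               /* length field overruns buffer */
        if (type >= IE_CALL_ID && type <= IE_TO) {
            if (vlen == 0 || vlen > IE_MAX_LEN)
                return PRE_BAD_LENGTH;          /* critical IE malformed */
            if (seen & (1u << type))
                return PRE_DUPLICATE;
            seen |= 1u << type;
        }
        off += vlen;                            /* unknown IEs are skipped */
    }
    return seen == IE_MANDATORY ? PRE_OK : PRE_MISSING;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t msg_ok[] = { 1,0,2,'a','b', 2,0,1,'x', 0x7f,0,0, 3,0,1,'y' };
static const uint8_t msg_overrun[] = { 1,0xff,0xff,'a' };
static const uint8_t msg_missing[] = { 1,0,1,'a' };
static const uint8_t msg_dup[] = { 1,0,1,'a', 1,0,1,'b', 2,0,1,'x', 3,0,1,'y' };

int main(void)
{
    return tlv_precheck(msg_ok, sizeof msg_ok) == PRE_OK
        && tlv_precheck(msg_overrun, sizeof msg_overrun) == PRE_TRUNCATED
        && tlv_precheck(msg_missing, sizeof msg_missing) == PRE_MISSING
        && tlv_precheck(msg_dup, sizeof msg_dup) == PRE_DUPLICATE ? 0 : 1;
}
```

Because the check is a single bounded loop with a fixed set of outcomes, each rejection path can be covered by one test message, which is the deterministic testability the quoted message attributes to TLV designs.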