SIP Vulnerabilities Testing in Session Establishment & User Registration
نویسندگان
چکیده
This paper describes an attack-directed approach to test SIP authentication vulnerabilities in session establishment and user registration. This approach aims to exercise the known areas of weakness including the inherent vulnerabilities in SIP specification and the implementation vulnerabilities caused by programmers’ negligence. By using this approach and a self-made testing tool, we have successfully identified a number of vulnerabilities in a popular open source SIP implementation, namely VOCAL. This effective approach can also be used to test any other SIP implementations.
منابع مشابه
Security testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
متن کاململزومات امنیتی پیادهسازی IMS SIP سرور امن
IMS (IP Multimedia Subsystem) network is considered as an NGN (Next Generation Network) core networks by ETSI. Decomposition of IMS core network has resulted in a rapid increase of control and signaling message that makes security a required capability for IMS commercialization. The control messages are transmitted using SIP (Session Initiation Protocol) which is an application layer protocol. ...
متن کاملInterworking Between SIP/SDP and H.323
There are currently two standards for signaling and control of Internet telephone calls, namely ITU-T Recommendation H.323 and the IETF Session Initiation Protocol (SIP). We describe how a signaling gateway can allow SIP user agents to call H.323 terminals and vice versa. Our solution addresses user registration, call sequence mapping and session description. We also describe and compare variou...
متن کاملRfc 6567 Sip Uui
This document introduces the transport of call control User-to-User Information (UUI) using the Session Initiation Protocol (SIP) and develops several requirements for a new SIP mechanism. Some SIP sessions are established by or related to a non-SIP application. This application may have information that needs to be transported between the SIP User Agents during session establishment. In additi...
متن کاملAn ontology-based policy for deploying secure SIP-based VoIP services
— Voice services over Internet Protocol (VoIP) are nowadays much promoted by telecommunication and Internet service providers. However, the utilization of open networks, like the Internet, raises several security issues that must be accounted for. On top of that, there are new sophisticated attacks against VoIP infrastructures that capitalize on vulnerabilities of the protocols employed for the...
متن کامل