Protocolo sip
(SIP) Vulnerabilities
Mark D. Collier
Chief Technology Officer
SecureLogix Corporation
What Will Be Covered
Introduction to SIP
General SIP security
SIP vulnerabilities and attack tools
Recommendations
Links
SIP Introduction
Session Initiation Protocol (SIP):
Is a general-purpose protocol for managing sessions
Can be used for any type of session
Provides a means for voice signaling
Defined by the IETF (looks like an Internet protocol)
Resembles HTTP
ASCII requests/responses
SIP Introduction
Why is SIP important:
Generally viewed as the protocol of the future
Designed to be simple (it’s not) and extensible
Supported by major vendors (sort of)
Used by many service providers
Provides a foundation for application support
Will be used for public VoIP access
SIP Introduction
Public
Voice
Network
TDM Phones
SIP Trunk
IP
PBX
IP Phones
Voice VLAN
Data VLAN
Internet
Internet
Connection
PCs
SIP Components
Proxy
User Agents
SDP
SIP
Codecs
RTP
RTCP
TCP
IPv4
UDP
IPv6
SIP Call Flow
Proxy
SIP/SDP
UDP/TCP
Proxy
SIP/SDP
UDP/TCP
SIP/SDP
UDP/TCP
RTP/RTCP
UDP
User
User
SIP Vulnerabilities
Security issues with SIP:
SIP is a complex, free format protocol
SIP itself does not require any security
Security mentioned in SIP RFC, but not required
Security degrades to common feature set
Security is not mandatory even if available
UDP is commonly used for SIP transport
Network Address Translation (NAT) breaks security
Data firewalls do not monitor SIP
SIP Vulnerabilities
SIP-Specific Vulnerabilities:
Eavesdropping
General and directory scanning
Flood-based Denial of Service (DoS)
Fuzzing Denial of Service (DoS)
Registration manipulation and hijacking
Application man-in-the-middle attacks
Session tear down check-sync reboots
Redirect attacks
RTP attacks
SPIT
Eavesdropping
Proxy
Proxy
User
Attacker
User