
From Surf Wiki (app.surf) — the open knowledge base

INVITE of Death

Type of attack on SIP protocol clients


An INVITE of Death is a type of attack on a VoIP system that involves sending a malformed or otherwise malicious SIP INVITE request to a telephony server, resulting in a crash of that server. Because telephony is usually a critical application, this damage causes significant disruption to users and seriously undermines the acceptance of VoIP. These kinds of attacks do not necessarily affect only SIP-based systems; any VoIP implementation with such a vulnerability is affected. The DoS payload can also be carried in messages other than INVITE. For example, in December 2007 there was a report about a vulnerability in the BYE message ("BYE BYE") triggered by an obsolete header with the name "Also". However, sending INVITE packets is the most popular way of attacking telephony systems. The name is a reference to the ping of death attack that caused serious trouble in 1995–1997.

VoIP Servers (INVITE of Death)

The INVITE of Death vulnerability was found on February 16, 2009. The vulnerability allows the attacker to crash the server, causing a remote denial of service (DoS), by sending a single malformed packet. Using a malformed packet, an attacker can overflow specific string buffers, add a large number of token characters, and modify fields in an illegal fashion. As a result, the server is driven into an undefined state, which can lead to call processing delays, unauthorized access, and a complete denial of service. The problem specifically exists in OpenSBC version 1.1.5-25 in the handling of the “Via” field of a maliciously crafted SIP packet. The INVITE of Death packet was also used to find a new vulnerability in the patched OpenSBC server through network dialog minimization.

For the popular open-source Asterisk PBX, there are security advisories that cover not only signaling-related problems, but also problems with other protocols and their resolution. Reported problems include malformed SDP attachments whose codec numbers are outside the valid range, and obsolete headers such as “Also”.

The INVITE of Death is specifically a problem for operators that run their servers on the public internet. Because SIP allows the use of UDP, it is easy for an attacker to spoof any source address on the internet and send the INVITE of Death from untraceable locations. By sending these kinds of requests periodically, attackers can completely interrupt the telephony service. The only option for the service provider is to upgrade their systems until the attack no longer crashes the system.
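The mechanism described above (over-long or illegally formed fields, the “Via” header in particular, and the obsolete “Also” header) is something a server can reject before its full SIP parser ever sees the packet. The following is an added example, not code from the article or from OpenSBC, Asterisk or any other project: a bounded pre-validation step for inbound SIP requests plus a per-source counter of rejected packets. All limits (message size, line length, header count, Via token lengths), the header names in the compact-form table, and the sample packets are assumptions constructed for illustration.

```python
"""Defensive pre-parser for inbound SIP requests (added example, not project code).

Every check is bounded and returns (accepted, reason) instead of raising, so a
malformed datagram yields a logged rejection rather than an undefined state.
"""
import re
from collections import Counter
from typing import Tuple

# Assumed limits for illustration; real deployments tune these to their traffic.
MAX_MESSAGE_BYTES = 4096
MAX_LINE_BYTES = 512
MAX_HEADERS = 64
MAX_VIA_PARAMS = 8
MAX_VIA_TOKEN = 128

REQUIRED_HEADERS = {"via", "from", "to", "call-id", "cseq"}
OBSOLETE_HEADERS = {"also"}   # deprecated header behind the 2007 "BYE BYE" report
# SIP compact header names (RFC 3261) so legitimate short forms are not rejected.
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id",
           "m": "contact", "l": "content-length", "c": "content-type"}

REQUEST_LINE = re.compile(r"^([A-Z]{1,16}) (\S{1,%d}) SIP/2\.0$" % MAX_LINE_BYTES)
# Via: SIP/2.0/<transport> <host>[:<port>][;param[=value]]...  (IPv6 literals not handled)
VIA_RE = re.compile(
    r"^SIP/2\.0/(UDP|TCP|TLS|SCTP|WS|WSS) ([A-Za-z0-9.\-]{1,%d})"
    r"(?::(\d{1,5}))?((?:;[^;\s]{1,%d})*)$" % (MAX_VIA_TOKEN, MAX_VIA_TOKEN))


def validate_sip_request(raw: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Never raises on attacker-controlled input."""
    if len(raw) > MAX_MESSAGE_BYTES:
        return False, "message too large"
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII bytes in message"
    if "\r\n\r\n" not in text:
        return False, "missing header terminator"
    head, _, _body = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    if len(lines) - 1 > MAX_HEADERS:
        return False, "too many headers"
    if any(len(line) > MAX_LINE_BYTES for line in lines):
        return False, "header line too long"
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return False, "malformed request line"
    method = m.group(1)
    headers = {}
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):          # header folding is deliberately not accepted
            return False, "folded header line"
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            return False, "malformed header line"
        name = COMPACT.get(name.strip().lower(), name.strip().lower())
        headers.setdefault(name, []).append(value.strip())
    if OBSOLETE_HEADERS & set(headers):
        return False, "obsolete header present"
    missing = REQUIRED_HEADERS - set(headers)
    if missing:
        return False, "missing headers: %s" % sorted(missing)
    for via in headers["via"]:
        vm = VIA_RE.match(via)
        if not vm:
            return False, "malformed Via header"
        if vm.group(3) and not 1 <= int(vm.group(3)) <= 65535:
            return False, "Via port out of range"
        if vm.group(4).count(";") > MAX_VIA_PARAMS:
            return False, "too many Via parameters"
    return True, "%s accepted" % method


class MalformedSourceTracker:
    """Count rejections per source so a sender that repeats them can be alerted on."""

    def __init__(self, threshold: int = 3):
        self.threshold = threshold
        self.rejects = Counter()

    def record(self, source: str, accepted: bool) -> bool:
        """Return True once the source has reached the alert threshold."""
        if not accepted:
            self.rejects[source] += 1
        return self.rejects[source] >= self.threshold


# Constructed sample packets (RFC 5737 documentation addresses, .invalid domain).
GOOD_INVITE = (
    b"INVITE sip:bob@example.invalid SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    b"Max-Forwards: 70\r\n"
    b"From: <sip:alice@example.invalid>;tag=1928301774\r\n"
    b"To: <sip:bob@example.invalid>\r\n"
    b"Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    b"CSeq: 314159 INVITE\r\n"
    b"Content-Length: 0\r\n\r\n")
LONG_VIA_INVITE = GOOD_INVITE.replace(b"192.0.2.10:5060", b"a" * 600 + b":5060")
BAD_TRANSPORT_INVITE = GOOD_INVITE.replace(b"SIP/2.0/UDP ", b"SIP/2.0/XXX ")
BYE_WITH_ALSO = (GOOD_INVITE.replace(b"INVITE sip:", b"BYE sip:")
                 .replace(b"CSeq: 314159 INVITE", b"CSeq: 314160 BYE")
                 .replace(b"Content-Length: 0", b"Also: <sip:eve@example.invalid>\r\nContent-Length: 0"))

if __name__ == "__main__":
    tracker = MalformedSourceTracker()
    for pkt in (GOOD_INVITE, LONG_VIA_INVITE, BAD_TRANSPORT_INVITE, BYE_WITH_ALSO):
        ok, why = validate_sip_request(pkt)
        print(ok, why, "alert" if tracker.record("198.51.100.7", ok) else "")
```

The per-source counter is only a partial mitigation: as noted above, SIP over UDP lets the sender spoof its source address, so blocking by address can be evaded and can even be turned against legitimate peers whose addresses are forged. The bounded validator is the part that actually removes the crash condition, and the counter is best treated as a detection signal that feeds logging and alerting rather than an automatic block.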

VoIP phones

A large number of VoIP vulnerabilities exist for IP phones. DoS attacks on VoIP phones are less critical than attacks on central devices such as an IP PBX, since usually only the single endpoint is affected.

Info: Wikipedia Source

This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.
