INVITE of Death

An INVITE of Death [1] is a type of attack on a VoIP system that involves sending a malformed or otherwise malicious SIP INVITE request to a telephony server, resulting in a crash of that server. Because telephony is usually a critical application, this damage causes significant disruption to users and poses tremendous acceptance problems for VoIP. These kinds of attacks do not necessarily affect only SIP-based systems; any VoIP implementation with such a vulnerability is affected. The DoS attack can also be carried in messages other than INVITE. For example, in December 2007 there was a report about a vulnerability in the BYE message ("BYE BYE") that used an obsolete header named "Also". [2] However, sending INVITE packets is the most popular way of attacking telephony systems. [3] The name is a reference to the ping of death attack that caused serious trouble in 1995–1997.

VoIP Servers (INVITE of Death)

The INVITE of Death vulnerability was found [4] on February 16, 2009. [5] The vulnerability allows an attacker to crash the server, causing a remote denial of service (DoS), by sending a single malformed packet. Using a malformed packet, an impersonator can overflow specific string buffers, add a large number of token characters, and modify fields in an illegal fashion. As a result, the server is pushed into an undefined state, which can lead to call-processing delays, unauthorized access, and a complete denial of service. The problem specifically exists in OpenSBC version 1.1.5-25, in the handling of the "Via" field of a maliciously crafted SIP packet. [6] The INVITE of Death packet was also used to find a new vulnerability in the patched OpenSBC server through network dialog minimization. [7] [8]

For the popular open-source Asterisk PBX, there are security advisories that cover not only signaling-related problems but also problems with other protocols, together with their resolution. [9] Problems include malformed SDP attachments in which codec numbers are out of the valid range, or obsolete headers such as "Also".

The INVITE of Death is specifically a problem for operators that run their servers on the public internet. Because SIP allows the use of UDP, it is easy for an attacker to spoof any source address on the internet and send the INVITE of Death from untraceable locations. By sending these kinds of requests periodically, attackers can completely interrupt the telephony service. The only choice for the service provider is to upgrade their systems until the attack no longer crashes the system.
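The defensive counterpart to the problems described in this section is to validate a request before it reaches the call-processing code: refuse overlong or syntactically wrong Via values, refuse obsolete headers such as "Also", and refuse messages whose declared Content-Length does not match the body they carry. The following Python pre-parser is an added example, not code from the original article or from OpenSBC, Asterisk, or any other project named here. The size limits, the compact-header table, and the three sample messages are constructed for this example.

```python
"""Defensive pre-parse checks for inbound SIP requests (added example, not project code)."""
import re

# Policy limits: assumed values chosen for this example, not taken from RFC 3261.
MAX_LINE_LEN = 512       # longest header line accepted, in bytes
MAX_HEADER_COUNT = 64    # most header lines accepted in one request
MAX_VIA_COUNT = 16       # most Via hops accepted
REQUIRED_HEADERS = ("via", "to", "from", "call-id", "cseq", "max-forwards")
OBSOLETE_HEADERS = ("also",)   # "Also" was dropped from SIP; the "BYE BYE" report abused it
KNOWN_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER", "PRACK",
                 "SUBSCRIBE", "NOTIFY", "PUBLISH", "INFO", "REFER", "MESSAGE", "UPDATE"}
COMPACT_NAMES = {"v": "via", "t": "to", "f": "from", "i": "call-id",
                 "m": "contact", "l": "content-length", "c": "content-type"}

REQUEST_LINE_RE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9\-]*)\s*:\s*(.*)$")
# Via value: SIP/2.0/<transport> <host>[:port] followed by ;name[=value] parameters.
VIA_RE = re.compile(
    r"^SIP/2\.0/(?:UDP|TCP|TLS|SCTP|WS|WSS) "
    r"(?:\[[0-9A-Fa-f:]+\]|[A-Za-z0-9.\-]+)(?::\d{1,5})?"
    r"(?:\s*;\s*[A-Za-z0-9\-.!%*_+`'~]+(?:=[A-Za-z0-9\-.!%*_+`'~\[\]:]+)?)*$"
)


def check_sip_request(raw: str) -> list[str]:
    """Return a list of findings; an empty list means the request passed every check."""
    findings: list[str] = []
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = REQUEST_LINE_RE.match(lines[0])
    if not m:
        return ["malformed request line"]          # nothing else is worth parsing
    if m.group(1) not in KNOWN_METHODS:
        findings.append(f"unknown method {m.group(1)}")

    header_lines = lines[1:]
    if len(header_lines) > MAX_HEADER_COUNT:
        findings.append(f"too many header lines ({len(header_lines)} > {MAX_HEADER_COUNT})")

    headers: dict[str, list[str]] = {}
    for line in header_lines:
        if len(line.encode()) > MAX_LINE_LEN:
            # Refuse oversized lines instead of handing them to a fixed-size buffer.
            findings.append(f"header line exceeds {MAX_LINE_LEN} bytes")
            continue
        hm = HEADER_RE.match(line)
        if not hm:
            findings.append(f"malformed header line: {line[:32]!r}")
            continue
        name = hm.group(1).lower()
        name = COMPACT_NAMES.get(name, name)       # normalise compact forms (v: -> Via:)
        headers.setdefault(name, []).append(hm.group(2).strip())

    for req in REQUIRED_HEADERS:
        if req not in headers:
            findings.append(f"missing required header {req}")
    for obs in OBSOLETE_HEADERS:
        if obs in headers:
            findings.append(f"obsolete header {obs} present")

    # A Via header may carry several comma-separated hops; check each one.
    vias = [hop.strip() for v in headers.get("via", []) for hop in v.split(",")]
    if len(vias) > MAX_VIA_COUNT:
        findings.append(f"too many Via hops ({len(vias)} > {MAX_VIA_COUNT})")
    for hop in vias:
        if not VIA_RE.match(hop):
            findings.append("malformed Via value")
        elif "branch=" not in hop:
            findings.append("Via without branch parameter")

    # Content-Length must be numeric and must describe the body actually present.
    if "content-length" in headers:
        declared = headers["content-length"][0]
        if not declared.isdigit() or int(declared) != len(body.encode()):
            findings.append("Content-Length does not match body")
    return findings


# Constructed sample messages (not captured traffic).
GOOD_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pc33.example.com:5060;branch=z9hG4bK776asdhds\r\n"
    "Max-Forwards: 70\r\n"
    "To: Bob <sip:bob@example.com>\r\n"
    "From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "Call-ID: a84b4c76e66710@pc33.example.com\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Contact: <sip:alice@pc33.example.com>\r\n"
    "Content-Type: application/sdp\r\n"
    "Content-Length: 5\r\n"
    "\r\n"
    "v=0\r\n"
)
# Same request with a Via host far beyond the line limit.
LONG_VIA_INVITE = GOOD_INVITE.replace("pc33.example.com:5060", "x" * 600)
# A BYE carrying the obsolete "Also" header.
BYE_WITH_ALSO = (
    "BYE sip:alice@pc33.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.4;branch=z9hG4bKnashds8\r\n"
    "Max-Forwards: 70\r\n"
    "To: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "From: Bob <sip:bob@example.com>;tag=a6c85cf\r\n"
    "Call-ID: a84b4c76e66710@pc33.example.com\r\n"
    "CSeq: 231 BYE\r\n"
    "Also: <sip:carol@example.com>\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, msg in (("good", GOOD_INVITE), ("long via", LONG_VIA_INVITE), ("bye also", BYE_WITH_ALSO)):
        print(label, "->", check_sip_request(msg) or "accepted")
```

A checker like this belongs in front of the real parser (in a session border controller, a front-end proxy, or the server's own receive path) and should fail closed: any finding means the datagram is dropped and counted, never handed on. The counters are also the detection signal the page implies, since a burst of rejects from spoofed UDP sources is exactly what the periodic attack described above looks like.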

VoIP phones

A large number of VoIP vulnerabilities exist for IP phones. DoS attacks on VoIP phones are less critical than attacks on central devices like an IP-PBX, since usually only the endpoint is affected.[citation needed]

References

  1. M. Zubair Rafique; et al. "Evaluating DoS Attacks Against SIP-Based VoIP Systems" (PDF). In Proceedings of the 28th IEEE Global Telecommunications Conference 2009. IEEE.
  2. "Asterisk Security Vulnerability in SIP Channel Driver".
  3. http://www.fiercevoip.com/story/invite-death-sip-digest-attack-ring-voip-security-alarms/2009-03-13?cmp-id=OTC-RSS-FV0%5B%5D
  4. "OpenSBC: OpenSBC (INVITE of Death)". 2012-11-26.
  5. M. Zubair Rafique; et al. "Evaluating DoS Attacks Against SIP-Based VoIP Systems" (PDF). In Proceedings of the 28th IEEE Global Telecommunications Conference 2009. IEEE.
  6. Rafique, M. Zubair; Akbar, M. Ali; Farooq, Muddassar (2009). "Evaluating DoS Attacks against Sip-Based VoIP Systems". GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference. pp. 1–6. doi:10.1109/GLOCOM.2009.5426247. ISBN 978-1-4244-4148-8. S2CID 15826962.
  7. "INVITE of Death and Network Dialog Minimization (New Vulnerability in VoIP Server)". 30 September 2014.
  8. http://osvdb.net/show/osvdb/86607
  9. "Security Advisories ⋆ Asterisk".