INVITE of Death

Last updated

An INVITE of Death [1] is a type of attack on a VoIP-system that involves sending a malformed or otherwise malicious SIP INVITE request to a telephony server, resulting in a crash of that server. Because telephony is usually a critical application, this damage causes significant disruption to the users and poses tremendous acceptance problems with VoIP. These kinds of attacks do not necessarily affect only SIP-based systems; all implementations with vulnerabilities in the VoIP area are affected. The DoS attack can also be transported in other messages than INVITE. For example, in December 2007 there was a report about a vulnerability in the BYE message ("BYE BYE") by using an obsolete header with the name "Also". [2] However, sending INVITE packets is the most popular way of attacking telephony systems. [3] The name is a reference to the ping of death attack that caused serious trouble in 1995–1997.

Contents

VoIP Servers (INVITE of Death)

The INVITE of Death vulnerability was found [4] on February 16, 2009. [5] The vulnerability allows the attacker to crash the server causing remote Denial of Service (DoS) by sending a single malformed packet. An impersonator can, using a malformed packet, overflow the specific string buffers, add a large number of token characters, and modify fields in an illegal fashion. As a result, a server is tricked into an undefined state, which can lead to call processing delays, unauthorized access, and a complete denial of service. The problem specifically exists in OpenSBC version 1.1.5-25 in the handling of the “Via” field from a maliciously crafted SIP packet. [6] The INVITE of Death packet was also used to find a new vulnerability in the patched OpenSBC server through network dialog minimization. [7] [8]

For the popular open source-based Asterisk PBX, there are security advisories that cover not only signaling-related problems, but also problems with other protocols and their resolution. [9] Problems may be malformed SDP attachments where codex numbers are out of the valid range or obsolete headers such as “Also”.

The INVITE of Death is specifically a problem for operators that run their servers on the public internet. Because SIP allows the usage of UDP packets, it is easy for an attacker to spoof any source address in the internet and send the INVITE of death from untraceable locations. By sending these kinds of requests periodically, attackers can completely interrupt the telephony service. The only choice for the service provider is to upgrade their systems until the attack does not crash the system anymore.

VoIP phones

A large number of VoIP Vulnerabilities exist for IP phones. DoS attacks on VoIP phones are less critical than attacks on central devices like IP-PBX, as, usually, only the endpoint is affected.[ citation needed ]

Related Research Articles

The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications. SIP is used in Internet telephony, in private IP telephone systems, as well as mobile phone calling over LTE (VoLTE).

Voice over Internet Protocol (VoIP), also known as IP telephony, refers to a set of technologies used for voice communication sessions over Internet Protocol (IP) networks, such as the Internet. VoIP enables voice calls to be transmitted as data packets, facilitating various methods of voice communication, including traditional applications like Skype, Microsoft Teams, Google Voice, and VoIP phones. Regular telephones can also be used for VoIP by connecting them to the Internet via analog telephone adapters (ATAs), which convert traditional telephone signals into digital data packets that can be transmitted over IP networks.

Inter-Asterisk eXchange (IAX) is a communications protocol native to the Asterisk private branch exchange (PBX) software, and is supported by a few other softswitches, PBX systems, and softphones. It is used for transporting voice over IP telephony sessions between servers and to terminal devices.

<span class="mw-page-title-main">Asterisk (PBX)</span> PBX software

Asterisk is a software implementation of a private branch exchange (PBX). In conjunction with suitable telephony hardware interfaces and network applications, Asterisk is used to establish and control telephone calls between telecommunication endpoints such as customary telephone sets, destinations on the public switched telephone network (PSTN) and devices or services on voice over Internet Protocol (VoIP) networks. Its name comes from the asterisk (*) symbol for a signal used in dual-tone multi-frequency (DTMF) dialing.

VoIP spam or SPIT is unsolicited, automatically dialed telephone calls, typically using voice over Internet Protocol (VoIP) technology.

<span class="mw-page-title-main">Business telephone system</span> Telephone system typically used in business environments

A business telephone system is a telephone system typically used in business environments, encompassing the range of technology from the key telephone system (KTS) to the private branch exchange (PBX).

A session border controller (SBC) is a network element deployed to protect SIP based voice over Internet Protocol (VoIP) networks.

<span class="mw-page-title-main">VoIP phone</span> Phone using one or more VoIP technologies

A VoIP phone or IP phone uses voice over IP technologies for placing and transmitting telephone calls over an IP network, such as the Internet. This is in contrast to a standard phone which uses the traditional public switched telephone network (PSTN).

<span class="mw-page-title-main">SipXecs</span>

SipXecs is a free software enterprise communications system. It was initially developed by Pingtel Corporation in 2003 as a voice over IP telephony server located in Boston, MA. The server was later extended with additional collaboration capabilities as part of the SIPfoundry project. Since its extension, sipXecs now acts as a software implementation of the Session Initiation Protocol (SIP), making it a full IP-based communications system.

Mobile VoIP or simply mVoIP is an extension of mobility to a voice over IP network. Two types of communication are generally supported: cordless telephones using DECT or PCS protocols for short range or campus communications where all base stations are linked into the same LAN, and wider area communications using 3G or 4G protocols.

The SIP URI scheme is a Uniform Resource Identifier (URI) scheme for the Session Initiation Protocol (SIP) multimedia communications protocol. A SIP address is a URI that addresses a specific telephone extension on a voice over IP system. Such a number could be a private branch exchange or an E.164 telephone number dialled through a specific gateway. The scheme was defined in RFC 3261.

<span class="mw-page-title-main">Avaya IP Phone 1140E</span> IP phone

Avaya IP Phone 1140E in telecommunications is a desktop Internet Protocol client from 1100-series manufactured by Avaya for unified communications. The phone can operate on the Session Initiation Protocol (SIP) or UNIStim protocols. The SIP firmware supports presence selection and notification along with secure instant messaging. This device has an integrated 10/100/1000BASE-T auto-sensing Ethernet switch with two ports and an integrated USB port, and is Bluetooth capable. The SIP version of this phone has full IPv6 functionality and only requires 2.9 watts of power.

An IP PBX is a system that connects telephone extensions to the public switched telephone network (PSTN) and provides internal communication for a business. An IP PBX is a PBX system with IP connectivity and may provide additional audio, video, or instant messaging communication utilizing the TCP/IP protocol stack.

SIP trunking is a voice over Internet Protocol (VoIP) technology and streaming media service based on the Session Initiation Protocol (SIP) by which Internet telephony service providers (ITSPs) deliver telephone services and unified communications to customers equipped with SIP-based private branch exchange (IP-PBX) and unified communications facilities. Most unified communications applications provide voice, video, and other streaming media applications such as desktop sharing, web conferencing, and shared whiteboard.

VaxTele SIP Server SDK is a complete development toolkit, which allows software vendors and Internet telephony service providers (ITSP) to develop SIP Server and (SIP) Session Initiation Protocol based VoIP systems for Microsoft Windows to install computer to computer voice chat, chat rooms, IVR systems, call center services, calling card services, dial/receive computer to PSTN and mobile phone calling services.

The 1100-series IP phones are 6 different desktop IP clients manufactured by Avaya for Unified communications which can operate on the SIP or UNIStim protocols. The SIP Firmware supports presence selection and notification along with secure instant messaging.

Network address translators (NAT) are used to overcome the lack of IPv4 address availability by hiding an enterprise or even an operator's network behind one or few IP addresses. The devices behind the NAT use private IP addresses that are not routable in the public Internet. The Session Initiation Protocol (SIP) has established itself as the de facto standard for voice over IP (VoIP) communication. In order to establish a call, a caller sends a SIP message, which contains its own IP address. The callee is supposed to reply back with a SIP message destined to the IP addresses included in the received SIP message. This will obviously not work if the caller is behind a NAT and is using a private IP address.

Ingate Systems AB is a Swedish company that sells data network security and telecommunication equipment. The company primarily provides SIP Trunking of IP PBX:s on the US market. It is associated with sister company Intertex Data AB.

VoIP vulnerabilities are weaknesses in the VoIP protocol or its implementations that expose users to privacy violations and other problems. VoIP is a group of technologies that enable voice calls online. VoIP contains similar vulnerabilities to those of other internet use.

References

  1. M. Zubair Rafique; et al. "Evaluating DoS Attacks Against SIP-Based VoIP Systems" (PDF). In Proceedings of 28th the IEEE Global Telecommunications Conference 2009. IEEE.
  2. "Asterisk Security Vulnerability in SIP Channel Driver".
  4. "OpenSBC: OpenSBC (INVITE of Death)". 2012-11-26.
  5. M. Zubair Rafique; et al. "Evaluating DoS Attacks Against SIP-Based VoIP Systems" (PDF). In Proceedings of 28th the IEEE Global Telecommunications Conference 2009. IEEE.
  6. Rafique, M. Zubair; Akbar, M. Ali; Farooq, Muddassar (2009). "Evaluating DoS Attacks against Sip-Based VoIP Systems". GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference. pp. 1–6. doi:10.1109/GLOCOM.2009.5426247. ISBN   978-1-4244-4148-8. S2CID   15826962.
  7. "INVITE of Death and Network Dialog Minimization (New Vulnerability in VoIP Server)". 30 September 2014.
  8. "86607: OpenSIPStack OpenSBC.exe::SIPTransactions::SIPTransactionManager::RemoveTransaction Function NULL Pointer Dereference Remote DoS".
  9. "Security Advisories ⋆ Asterisk".
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.