I understand that SIP is an application-level protocol that is used to set up/modify/end communication sessions for things like VoIP and instant messenger. I also understand that users can send request messages (to other users?) and get responses back (saying that the other user will open a session?). I also understand that this protocol can be used to create a SIP flood, which is a kind of denial of service attack. Is the idea to inundate a particular server with SIP requests--much like one might inundate a server with HTTP requests in an HTTP attack?
I'd recommend reading this paper I found on Google: http://www0.cs.ucl.ac.uk/staff/f.huici/publications/sipdos.pdf
What you are missing is that you don't DoS the server but rather the phones. Servers in SIP are often only used to find the clients. The idea is to flood the clients themselves. As per the publication, it would only take about 180 invite messages per second to take down the phone. Some phones even did a complete reset.
Lucas Kauffman
- So basically if you send a few hundred requests to a SIP client, it will flood? – bernie2436 Mar 14 '13 at 18:12
- Well, you flood him with packets; because he can't handle so many packets (unexpected behavior), he will start choking. – Lucas Kauffman Mar 14 '13 at 19:35
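
As an added example (not from the answer or the cited paper), a detector for a border proxy or monitoring tap that counts INVITE requests per target in a sliding one-second window and flags targets approaching the roughly 180 per second the answer cites. The alert fraction, function names, addresses and sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# The answer above cites ~180 INVITEs/second as enough to take a phone down.
PHONE_LIMIT_PER_SEC = 180
ALERT_FRACTION = 0.5  # assumption: alert at half the cited rate

# Request line of a SIP request with a sip:/sips: Request-URI.
REQUEST_LINE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0$")

def parse_request(raw):
    """Return (method, request_uri) for a SIP request, None for responses or garbage."""
    match = REQUEST_LINE.match(raw.split("\r\n", 1)[0])
    return (match.group(1), match.group(2)) if match else None

def detect_invite_flood(events, window=1.0,
                        threshold=int(PHONE_LIMIT_PER_SEC * ALERT_FRACTION)):
    """events: time-ordered (timestamp_seconds, raw_sip_message) pairs.
    Returns {request_uri: peak INVITE count in any window} for flagged targets."""
    recent = defaultdict(deque)   # per-target timestamps still inside the window
    peak = defaultdict(int)
    for ts, raw in events:
        parsed = parse_request(raw)
        if not parsed or parsed[0] != "INVITE":
            continue              # only INVITEs count toward the flood rate
        stamps = recent[parsed[1]]
        stamps.append(ts)
        while ts - stamps[0] >= window:
            stamps.popleft()      # drop INVITEs older than the window
        peak[parsed[1]] = max(peak[parsed[1]], len(stamps))
    return {uri: n for uri, n in peak.items() if n >= threshold}

def sample_traffic():
    """Constructed sample capture (documentation addresses, not real traffic)."""
    def msg(method, uri, n):
        return (f"{method} {uri} SIP/2.0\r\n"
                f"Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK{n}\r\n"
                f"Call-ID: {n}@198.51.100.7\r\nCSeq: 1 {method}\r\n\r\n")
    events = [(i / 200, msg("INVITE", "sip:alice@192.0.2.10", i)) for i in range(200)]
    events += [(t, msg("INVITE", "sip:bob@192.0.2.11", 1000 + t)) for t in (0.2, 3.0, 7.5)]
    events += [(0.5, msg("REGISTER", "sip:192.0.2.1", 2000)),
               (0.6, "SIP/2.0 200 OK\r\n\r\n")]
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print(detect_invite_flood(sample_traffic()))
```

Keying on the Request-URI tracks the targeted phone rather than the sender, so the count still rises when the source address varies between requests.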