INVITE of Death

INVITE of Death

An INVITE of Death is a type of attack on a VoIP-system that involves sending a malformed or otherwise malicious SIP INVITE request to a telephony server and causes a crash of that server. Because telephony is usually a critical application, this damage causes significant uproar amongst the users and poses tremendous acceptance problems with VoIP. Those kinds of attacks do not necessarily affect only SIP-based systems; all implementations with vulnerabilities in the VoIP area are affected. However, sending INVITE packets is the most popular way of attacking telephony systems.

The name is a reference to the ping of death attack that caused serious trouble in the 1990s.

PBX Servers

So far, no known virus exists that sends out the INVITE of death. The threat of a virus affects installations in offices that are using an unstable IP-PBX. By just sending malicious packets on port 5060 in the local area network using the local net mask, local systems can be attacked easily. Because on these environments, upgrades are usually not automatic and the installer has to take care about the software, there will be likely a significant service outage.

The INVITE of Death is specifically a problem for operators that run their servers on the public Internet. Because SIP allows the usage of UDP packets, it is easy for an attacker to spoof any source address in the Internet and send the INVITE of death from untraceable locations. By sending these kinds of requests periodically, attackers can completely interrupt the telephony service. The only choice for the service provider is to upgrade their systems until the attack does not crash the system any more.

VoIP Phones

A large number of vulnerabilities exists for VoIP phones. The type of attacks start with very simple attacks like sending an empty packet and go to the phone to sequences that require up to ten packets to attack a phone.

DoS on VoIP phones are less critical that attacks on central devices like IP-PBX. Usually only the endpoint is affected. However, when systematic attacks are in place, the whole set of phones may become unusable. Therefore, VoIP phones should receive the same attention as IP-PBX.

Links

* [http://www.net-security.org/advisory.php?id=7859 Debian Security Advisory]
* [http://secunia.com DOS vulnerability on SIP phones]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Death Note — デスノート (Desu Nōto) Type Shōnen Genre …   Wikipédia en Français

  • Death note — デスノート (Desu Nōto) Type Shōnen Genre Policier, Fantastique …   Wikipédia en Français

  • Death, Jr. and the Science Fair of Doom — Death Jr. and the Science Fair of Doom Developer(s) Backbone Entertainment Publisher(s) …   Wikipedia

  • Death Rally — Éditeur Apogee Développeur Remedy Entertainment Date de sortie États Unis : 6 septembre 1996 Licence Freeware Version 1.0 Genre …   Wikipédia en Français

  • Death by Kite — est un groupe de post rock originaire de Copenhague au Danemark. Leur premier album est sorti le 16 avril 2007. Le groupe est composé de: Bjørn Alexander Gøtzsche Lange (voix, guitare) Sidsel Marie Hermansen (basse, voix) Kristian Kimer (batterie …   Wikipédia en Français

  • Death of Marilyn Monroe — Marilyn Monroe s crypt at the Westwood Village Memorial Park Cemetery in Los Angeles Marilyn Monroe was found dead in the bedroom of her Brentwood home by her psychoanalyst Ralph S Florence after he was called by Monroe s housekeeper Eunice… …   Wikipedia

  • Ping of death — A ping of death (abbreviated POD ) is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 64 bytes in size (or 84 bytes when IP header is considered); many computer… …   Wikipedia

  • List of Death Note episodes — Death Note is an anime series based on the manga series written by Tsugumi Ohba and illustrated by Takeshi Obata. Death Note aired in Japan on the Nippon Television (NTV) network every Tuesday at 24:56 [1] The series began broadcasting on NTV on… …   Wikipedia

  • The Life and Death of Colonel Blimp — theatrical poster Directed by Michael Powell Emeric Pressburger …   Wikipedia

  • Nuclear Death — était un groupe de death metal formé en 1986 à Phoenix, Arizona. Il était un de rares groupes de ce genre avec une femme au chant, Lori Bravo. Leur style a été comparé à des groupes comme Impetigo, Blasphemy, Autopsy, Deceased, et Repulsion.… …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”