[Full-disclosure] [Mlabs] Scrutinising SIP Payloads : Traversing Attack Vectors in VOIP and IM
Aditya K Sood
zeroknock at secniche.org
Wed Sep 19 21:47:18 BST 2007
Hi
I have released core research paper on SIP comprising of Payload
problems and Attack vectors.
This research paper lays stress on the potential weaknesses present in
the SIP which make it vulnerable to stringent attacks. The point of
discussion is to understand the weak spots in the protocol. The payloads
constitute the request vectors. The protocol inherits well defined
security procedures and implementation objects. The security model is
hierarchical and is diverged in every working layer of SIP from top to
bottom. SIP features can be exploited easily if definitive attack base
is subjugated. We will discuss about inherited flaws and methods to
combat against predefined attacks. The payloads have to be scrutinized
at the network level. It is critical because payloads are
considered as infection bases to infect networks . The pros and cons
will be enumerated from security perspective.
You can download paper at:
http://mlabs.secniche.org
Regards
Aks aka 0kn0ck
Full-Disclosure is hosted and sponsored by Secunia.