INVITE of Death
From Wikipedia, the free encyclopedia
This article does not cite any references or sources. (March 2008) Please help improve this article by adding citations to reliable sources. Unverifiable material may be challenged and removed. |
An INVITE of Death is a type of attack on a VoIP-system that involves sending a malformed or otherwise malicious SIP INVITE request to a telephony server and causes a crash of that server. Because telephony is usually a critical application, this damage causes significant uproar amongst the users and poses tremendous acceptance problems with VoIP. Those kinds of attacks do not necessarily affect only SIP-based systems; all implementations with vulnerabilities in the VoIP area are affected. However, sending INVITE packets is the most popular way of attacking telephony systems.
The name is a reference to the ping of death attack that caused serious trouble in the 1990s.
[edit] PBX Servers
So far, no known virus exists that sends out the INVITE of death. The threat of a virus affects installations in offices that are using an unstable IP-PBX. By just sending malicious packets on port 5060 in the local area network using the local net mask, local systems can be attacked easily. Because on these environments, upgrades are usually not automatic and the installer has to take care about the software, there will be likely a significant service outage.
The INVITE of Death is specifically a problem for operators that run their servers on the public Internet. Because SIP allows the usage of UDP packets, it is easy for an attacker to spoof any source address in the Internet and send the INVITE of death from untraceable locations. By sending these kinds of requests periodically, attackers can completely interrupt the telephony service. The only choice for the service provider is to upgrade their systems until the attack does not crash the system any more.
[edit] VoIP Phones
A large number of vulnerabilities exists for VoIP phones. The type of attacks start with very simple attacks like sending an empty packet and go to the phone to sequences that require up to ten packets to attack a phone.
DoS on VoIP phones are less critical that attacks on central devices like IP-PBX. Usually only the endpoint is affected. However, when systematic attacks are in place, the whole set of phones may become unusable. Therefore, VoIP phones should receive the same attention as IP-PBX.