INVITE_of_Death
INVITE of Death
Type of attack on SIP protocol clients
An INVITE of Death [1] is a type of attack on a VoIP-system that involves sending a malformed or otherwise malicious SIP INVITE request to a telephony server, resulting in a crash of that server. Because telephony is usually a critical application, this damage causes significant disruption to the users and poses tremendous acceptance problems with VoIP. These kinds of attacks do not necessarily affect only SIP-based systems; all implementations with vulnerabilities in the VoIP area are affected. The DoS attack can also be transported in other messages than INVITE. For example, in December 2007 there was a report about a vulnerability in the BYE message ("BYE BYE") by using an obsolete header with the name "Also".[2] However, sending INVITE packets is the most popular way of attacking telephony systems.[3] The name is a reference to the ping of death attack that caused serious trouble in 1995–1997.
This article needs additional citations for verification. (March 2008) |