AudioControl VERSION 6.2 Network Router User Manual


 
SIP Release Notes 20 Document #: LTRT-26901
CPE SIP Products
4. SIP Secure Connection Vulnerability:
Product: MP-11x, MP-124, Mediant 600, Mediant 1000, Mediant 800 MSBG, Mediant 1000 MSBG, Mediant 2000, Mediant 3000/TP-6310, Mediant 3000 HA/TP-6310, Mediant 3000/TP-8410, Mediant 3000 HA/TP-8410
Management Protocol: Web, INI, SNMP, EMS, CLI

This feature provides support for securing the device’s resources against SIP spam and invalid SIP messages:

Securing memory resources:
- Socket Resource Abuse: Connections that are established without subsequent data transmission are released (after one minute), allowing the establishment of new connections.
- Established Connection Flood: The device detects and subsequently discards any flood of “false” connections (such a flood typically prevents the establishment of new legitimate connections). The device effectively manages its socket resources, releasing unused sockets for required connections.

CPU:
- Loop-Amplification Scenario: The device prevents routing between its interfaces. In this scenario, the attacker needs to convince the device to rewrite a request to a location that resolves to the device itself. This can be done if routing is according to the SIP Request-URI header and the address specified is the device’s IP address. This results in the server overloading itself. Another method for creating loops is through a SIP proxy to which the device routes a request and which routes it back to the device. For MSBG products, the SBCMaxForwardsLimit parameter is used to limit the SIP Max-Forwards header value.
- Malformed SIP Requests: Malformed SIP message requests are typically sent to cause false, expensive SIP parsing, thereby wasting CPU resources. The device’s parsing has been significantly improved to detect malformed messages and to reject such messages in early parsing stages.

SIP Vulnerabilities:
- General Parser Errors: Parser errors (invalid SIP messages) do not cause loss of service.
- SIP Content-Length header greater than the message’s body: This can cause delayed or no service by causing a TCP connection to wait for that body to arrive.
  - TCP: a maximum message length is imposed.
  - UDP: Content-Length is validated against the packet size. If the packet size does not match the size declared in the Content-Length header, only the actual body size is validated and the Content-Length header is ignored.
- Invalid Content-Length header: The device ignores such messages.
- Null characters are allowed only in the SIP message’s body according to the SIP ABNF. The device rejects messages that arrive with null characters in the headers part of the message. This ensures that the device doesn’t forward invalid messages that can be harmful to the internal network.
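
The UDP header checks described above, as an added Python example (not the device's own code and not part of the original release notes). The function name screen_udp_sip, the limit value 10 and the sample datagram are assumptions made for illustration; clamping Max-Forwards to the limit is one assumed reading of how SBCMaxForwardsLimit applies.

```python
import re

MAX_FORWARDS_LIMIT = 10  # assumed value, playing the role of SBCMaxForwardsLimit

# Constructed sample: declares 50 body bytes but carries only 4; Max-Forwards 70.
SAMPLE = (b"INVITE sip:bob@192.0.2.10 SIP/2.0\r\n"
          b"Max-Forwards: 70\r\n"
          b"Content-Length: 50\r\n\r\nv=0\n")


def drop(reason):
    return {"verdict": "drop", "reason": reason}


def screen_udp_sip(datagram: bytes) -> dict:
    """Screen one SIP-over-UDP datagram before any expensive parsing."""
    head, sep, body = datagram.partition(b"\r\n\r\n")
    if not sep:
        return drop("no header terminator")
    if b"\x00" in head:  # nulls are legal only in the body
        return drop("null character in headers")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request/status line
        if line[:1] in (b" ", b"\t"):     # folded continuation, not needed here
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            return drop("malformed header line")
        headers[name.strip().lower()] = value.strip()
    notes = []
    # "l" is the compact form of Content-Length in RFC 3261.
    declared = headers.get(b"content-length", headers.get(b"l"))
    if declared is not None:
        if not re.fullmatch(rb"[0-9]{1,9}", declared):
            return drop("invalid Content-Length")
        if int(declared) != len(body):
            # As the text describes for UDP: use the real body, ignore the header.
            notes.append("Content-Length ignored")
    hops = headers.get(b"max-forwards")
    if hops is not None:
        if not re.fullmatch(rb"[0-9]{1,3}", hops):
            return drop("invalid Max-Forwards")
        hops = min(int(hops), MAX_FORWARDS_LIMIT)  # cap the remaining hop budget
    return {"verdict": "accept", "body": body, "max_forwards": hops, "notes": notes}


if __name__ == "__main__":
    print(screen_udp_sip(SAMPLE))
```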