lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 19 Sep 2007 21:18:09 -0700
From: Aditya K Sood <zeroknock@...niche.org>
To: bugtraq@...urityfocus.com
Subject: [Mlabs] Scrutinising SIP Payloads : Traversing Attack Vectors in
 VOIP and IM

Hi

I have released core research paper on SIP comprising of Payload problems
and Attack vectors.

This research paper lays stress on the potential weaknesses present in
the SIP
which make it vulnerable to stringent attacks. The point of discussion is to
understand the weak spots in the protocol. The payloads constitute the
request vectors. The protocol inherits well defined security procedures and
implementation objects. The security model is hierarchical and is
diverged in
every working layer of SIP from top to bottom. SIP features can be exploited
easily if definitive attack base is subjugated. We will discuss about
inherited
flaws and methods to combat against predefined attacks. The payloads have
to be scrutinized at the network level. It is critical because payloads are
considered as infection bases to infect networks . The pros and cons will be
enumerated from security perspective.

You can download paper at:

http://mlabs.secniche.org/papers/Scruti_SIP_Payloads.pdf

Regards
Aks aka 0kn0ck

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ