UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 5393

Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 December 2008
Status: active
Page Count: 20
scope:

This document normatively updates RFC 3261, the Session Initiation Protocol (SIP), to address a security vulnerability identified in SIP proxy behavior. This vulnerability enables an attack against SIP networks where a small number of legitimate, even authorized, SIP requests can stimulate massive amounts of proxy-to-proxy traffic.

This document strengthens loop-detection requirements on SIP proxies when they fork requests (that is, forward a request to more than one destination). It also corrects and clarifies the description of the loop-detection algorithm such proxies are required to implement. Additionally, this document defines a Max-Breadth mechanism for limiting the number of concurrent branches pursued for any given request.

Document History

IETF RFC 5393
December 1, 2008
Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies
This document normatively updates RFC 3261, the Session Initiation Protocol (SIP), to address a security vulnerability identified in SIP proxy behavior. This vulnerability enables an attack against...

References

This document is referenced by:
ATIS 1000025 - User to Network Interface (UNI) Standard for Signaling and Control Security Requirements for Evolving VoP/Multimedia Networks
Published by ATIS on May 1, 2013
The scope of this standard is to define the User to Network Interface Signaling Security requirements. The standard addresses security requirements for voice over packet and multimedia security,...
This document is referenced by:
IETF RFC 7247 - Interworking between the Session Initiation Protocol (SIP) and the Extensible Messaging and Presence Protocol (XMPP): Architecture, Addresses, and Error Handling
Published by IETF on May 1, 2014
As a foundation for the definition of bidirectional protocol mappings between the Session Initiation Protocol (SIP) and the Extensible Messaging and Presence Protocol (XMPP), this document specifies...
This document is referenced by:
IETF RFC 7332 - Loop Detection Mechanisms for Session Initiation Protocol (SIP) Back-to-Back User Agents (B2BUAs)
Published by IETF on August 1, 2014
SIP Back-to-Back User Agents (B2BUAs) can cause unending SIP request routing loops because, as User Agent Clients, they can generate SIP requests with new Max-Forwards values. This document discusses...
This document is referenced by:
TR 124 969 - Universal Mobile Telecommunications System (UMTS); LTE; Business trunking; Next Generation Corporate Network (NGCN) - Next Generation Network (NGN) interfaces implementation guide
Published by ETSI on April 1, 2022
The purpose of the present document is to give an implementation guide to the relevant Common IMS specifications and functions used in the interconnection of a Next Generation Corporate Network site...
This document is referenced by:
TS 101 553-1 - Core Network and Interoperability Testing (INT); Testing of the IBCF requirements; (3GPP Release 12); Part 1: Protocol Implementation Conformance Statement (PICS)
Published by ETSI on September 1, 2016
The present document covers the Protocol Implementation Conformance Statement of testing the IBCF requirements. The focus is the Ic interface as the interconnection point between two network...
This document supersedes:
RFC 3261 - SIP: Session Initiation Protocol
Published by IETF on June 1, 2002
A description is not available for this item.
This document supersedes:
RFC 3261 - SIP: Session Initiation Protocol
Published by IETF on June 1, 2002
A description is not available for this item.
View Less
View All
Advertisement