-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 3 Dec 2004, Mark Teicher wrote:
Has anyone observed SIP network based exploits such as:
Malformed SIP Message attacks
SIP register flooding attacks
Injection of unauthorized RTP session attacks
DDOS into existing RTP Flow attacks
RTP session hijacking attacks
in a live production network not just simulation?
Last I saw, the Session Initiation Protocol (SIP) was being
championed exclusively by Microsoft and everyone else was using the IETF
standard XMPP. Moreover, most of the Microsoft SIP products were -- last
time I looked -- hardly what you'd call ready for prime-time.
Heck, 99.9% of the literature I've seen on SIP is little but a
valentine that Microsoft wrote to itself. And I'm being nice here.
The most recent news on the subject that I've seen indicated that
Microsoft planned a release on December 1st for the latest version of its
server software which (and I quote) "aims to give companies more secure
instant messaging and other corporate communications tools."
*ahem* Microsoft offering a "secure" service? That'll be a
refreshing change from the usual MS-malware fare.
- -Jay
( ( _______
)) )) .-"There's always time for a good cup of coffee"-. >====<--.
C|~~|C|~~| (>----- Jay D. Dyson -- jdyson@treachery.net -----<) | = |-'
`--' `--' `---- Doves fly in flocks. Eagles fly solo. ----' `------'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.
iD8DBQFBsKzsBYoRACwSF0cRAjXcAJ91bMTy1Vfy8zECuHmP6Rb3usQ7YwCgqQGv
082LrVqg6wdkCuMqLWa8OCk=
=ftmn
-----END PGP SIGNATURE-----
