AudioCodes MEDIAPACK VERSION 6.2 User Manual

SIP Release Notes

Document #: LTRT-26901

CPE SIP Products

4. SIP Secure Connection Vulnerability:

Product: MP-11x; MP-124; Mediant 600; Mediant 1000; Mediant 800 MSBG; Mediant 1000 MSBG; Mediant 2000; Mediant 3000/TP-6310; Mediant 3000 HA/TP-6310; Mediant 3000/TP-8410; Mediant 3000 HA/TP-8410

Management Protocol: Web; INI; SNMP; EMS; CLI

This feature provides support for securing the device’s resources against SIP spam
and invalid SIP messages:

Securing memory resources:

Socket Resource Abuse: Connections that are established without
subsequent data transmission are released (after one minute), allowing the
establishment of new connections.

Established Connection Flood: The device detects and subsequently
discards any flood of “false” connections (which typically prevents
establishment of new legitimate connections). The device effectively
manages its socket resources, releasing unused sockets for required
connections.

CPU:

Loop-Amplification Scenario: The device prevents routing between its own
interfaces. To create a loop, the attacker needs to convince the device to
rewrite a request to a location that resolves to the device itself. This can
be done if routing is according to the SIP Request-URI header and the address
specified is the device’s IP address. The result is that the server overloads
itself. Another method for creating loops is through a SIP proxy to which the
device routes and which routes the request back to the device.
For MSBG products, the SBCMaxForwardsLimit parameter is used to limit
the SIP Max-Forwards header value.

Malformed SIP Requests: Malformed SIP message requests are typically
sent to cause false, expensive SIP parsing, thereby wasting CPU resources.
The device’s parsing has been significantly improved to detect malformed
messages and to reject such messages in early parsing stages.

SIP Vulnerabilities:

General Parser Errors: Parser errors (invalid SIP messages) do not cause
loss of service.

SIP Content-Length header greater than the message’s body: This can
cause delayed or no service by causing a TCP connection to wait for that body
to arrive.
- TCP: maximum message length is dictated.
- UDP: Content-Length is validated against the packet size. If the packet size
is not as declared in the Content-Length header, only the actual body size is
validated and the Content-Length header is ignored.

Invalid Content-Length header: The device ignores such messages.

Null characters are allowed only in the SIP message’s body according to the
SIP ABNF. The device rejects messages that arrive with null characters in
the headers part of the message. This ensures that the device doesn’t
forward invalid messages that can be harmful to the internal network.
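
The Content-Length and null-character rules above can be expressed as a single pre-parse check. The following Python is an added example, not AudioCodes code; the function names, the 4096-byte TCP limit and the rejection of a TCP message that has no Content-Length are assumptions, and the sample messages are constructed.

```python
# Added example: pre-parse SIP checks modeled on the release-note text above.
# MAX_TCP_MESSAGE is an assumed value; the release notes do not state the limit.
MAX_TCP_MESSAGE = 4096

def check_sip(raw: bytes, transport: str):
    """Return (action, body_len) for one UDP datagram or one TCP receive buffer."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if b"\x00" in head:
        return ("reject: null character in headers", None)
    if not sep:
        # Headers incomplete: TCP may wait, but never beyond the size limit.
        if transport == "tcp" and len(raw) <= MAX_TCP_MESSAGE:
            return ("wait", None)
        return ("reject: headers not terminated", None)
    declared = None
    for line in head.split(b"\r\n")[1:]:          # skip the request/status line
        name, _, value = line.partition(b":")
        if name.strip().lower() in (b"content-length", b"l"):  # "l" = compact form
            if not value.strip().isdigit():
                return ("ignore: invalid Content-Length", None)
            declared = int(value.strip())
    if transport == "udp":
        # The datagram boundary is authoritative: use the actual body size.
        if declared is not None and declared != len(body):
            return ("accept: Content-Length ignored", len(body))
        return ("accept", len(body))
    if declared is None:
        # Assumption: a stream transport needs Content-Length for framing.
        return ("reject: no Content-Length on TCP", None)
    if len(head) + len(sep) + declared > MAX_TCP_MESSAGE:
        return ("reject: exceeds maximum message length", None)
    if len(body) < declared:
        return ("wait", None)                      # bounded by MAX_TCP_MESSAGE
    return ("accept", declared)

# Constructed sample message (not captured traffic).
def sample(content_length: bytes, body: bytes, subject=b"test") -> bytes:
    return (b"OPTIONS sip:device@192.0.2.10 SIP/2.0\r\n"
            b"Max-Forwards: 70\r\nSubject: " + subject + b"\r\n"
            b"Content-Length: " + content_length + b"\r\n\r\n" + body)

if __name__ == "__main__":
    for cl, body in [(b"5", b"hello"), (b"9000", b"hi"), (b"abc", b"")]:
        for transport in ("udp", "tcp"):
            print(transport, cl, check_sip(sample(cl, body), transport))
```

The oversized Content-Length is the case to watch: over UDP the declared value is discarded in favour of the datagram's real body size, while over TCP the size limit rejects it instead of letting the connection wait for bytes that never arrive.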