Technical reports:
Security testing of SIP implementations
Christian Wieser; Marko Laakso; Henning G. Schulzrinne
Downloads:
- Title:
- Security testing of SIP implementations
- Author(s):
-
Wieser, Christian
Laakso, Marko
Schulzrinne, Henning G. - Date:
- 2003
- Type:
- Technical reports
- Department:
- Computer Science
- Permanent URL:
- http://hdl.handle.net/10022/AC:P:29197
- Series:
- Columbia University Computer Science Technical Reports
- Part Number:
- CUCS-024-03
- Publisher:
- Department of Computer Science, Columbia University
- Publisher Location:
- New York
- Abstract:
- The Session Initiation Protocol (SIP) is a signaling protocol for Internet telephony, multimedia conferencing and instant messaging. Although SIP implementations have not yet been widely deployed, the product portfolio is expanding rapidly. We describe a method to assess the robustness of SIP implementation by describing a tool to find vulnerabilities. We prepared the test material and carried out tests against a sample set of existing implementations. Results were reported to the vendors and the test suite was made publicly available. Many of the implementations available for evaluation failed to perform in a robust manner under the test. Some failures had information security implications, and should be considered vulnerabilities.
- Subject(s):
- Computer science
- Item views:
- 131