IOS SIP vulnerability

Answered Question

Hi! I found a very dangerous vulnerability in IOS. I have a 2811 with an E1 connection to the ISP and an H323 connection to a remote office. I found out that my router gets many, many SIP INVITE messages and establishes connections from anywhere to anywhere through my ISP! I don't use any SIP phones or any SIP connection to the ISP. So, I blocked incoming packets to my router on port 5060.

IOS c2800nm-advipservicesk9-mz.124-15.T4.bin


Why doesn't IOS block incoming SIP INVITEs if I don't have any SIP dial-peers and don't have a config with "allow connection from sip to"? It is like an open relay in e-mail terminology!!! If I want to use SIP, how can I protect my router?

Correct Answer by gogasca about 8 years 5 months ago

Hi sir,

We assume there is some security configured at all. IOS firewall, ACL on outside interface, IDS, etc.

Once we have that, you can take a look at some issues we have when SIP was running by default, leading to a vulnerable system state.

http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml

CSCsb25337
CSCsh58082

Workarounds are also listed.

I understand your concern with peer-to-peer protocols like H323 and SIP, in which the gateway just becomes a 'sitting duck' for exploit attempts.

HTH





Overall Rating: 5 (1 ratings)
gogasca Sun, 09/14/2008 - 23:58
