SIP robustness testing for large-scale use
The Session Initiation Protocol (SIP) is a signaling protocol for Internet telephony, multimedia conferencing and instant messaging. We describe a method for assessing the robustness of SIP implementation by means of a tool that detects vulnerabilities. We prepared the test material and carried out the tests against a sample set of existing implementations. Many of the implementations available failed to perform in a robust manner under the test. Some failures had information security implications and should hence be considered as vulnerabilities. The results were reported to the respective vendors and, after a grace period, the test suite is now publicly available. By releasing the test material to the public, we hope to contribute to more robust SIP implementations.
Full Text: PDF