Sonicwall Signatures


  All Categories

Category: VoIP-ATTACKS

VoIP Category Description

This SonicWALL IPS signature category consists of a group of signatures that can detect and prevent traffic related to attacks on VoIP systems. VoIP or Voice over IP systems allow users to make phone calls over the internet or a local area network. VoIP systems consist of phones running a "skinny" client and routers running software that allows them to act as servers that route packets between two phones. Certain VoIP models use the end points as both servers and clients, allowing users to speak through their computers, while allowing other users' calls to be routed through their computers while they are connected. The vulnerabilities discussed in this category deal specifically with Cisco clients and routing software that are popularly used to implement VoIP networks in many offices.

Attackers can use two main methods to attempt to disrupt VoIP networks. The first invovle attacking the web server that handles VoIP traffic on a particular network. By sending a malformed packet to the web server, for example requestion information on a port that does not exist, attackers can gain sensitive memory information that can be used to intercept calls, or cause the server to crash.

The second type of attacks involve sending malformed packets straight to the phone clients themselves. The telephones use SIP or Session Initiation Protocol, a set of standard requests that are used to open and close calls. Attackers can send malformed packets to the ports on these telephones listening for SIP reuquests, and cause them to reset. A flood of these packets could make the targeted phones impossible to use, shutting down that telephone network.

SonicWALL VoIP signatures are classified from low to medium priority. When enabled for protection, they can keep malicious requests to IP phones from reaching the network at all. Administrators should note, however, that Cisco has released patches for the clients running on IP phones that close these vulnerabilities. Good patching practices should be used in conjunction with SonicWALL signatures to ensure maximum security for VoIP networks.

  Asterisk Open Source PJSIP DoS 1
  Cisco IP Phone SIP INVITE Message DoS
  FusionPBX fax_extension Command Injection 1
  Malformed SIP Request 7
  Malformed SIP Request 8
  HCL Sametime WebPlayer DoS
  Malformed SIP Request 3
  Malformed SIP Request 9
  Asterisk Open Source Session-Expires DoS 1
  Asterisk Open Source Session-Expires DoS 2
  Asterisk Open Source SIP Request DoS 2
  Asterisk Open Source SIP Request DoS 3
  Asterisk Open Source T.38 SDP Buffer Overflow 1
  IAX2 Truncated Header Remote Code Execution
  Asterisk Open Source chan_skinny.c Heap Buffer Overflow
  FreePBX Asterisk Recording Interface Remote Code Execution
  Asterisk Open Source res_pjsip_pubsub DoS
  Asterisk Open Source SIP Channel Driver DoS
  Asterisk Open Source HTTP POST Request DoS 1
  Asterisk Open Source manager.c Remote Command Execution
  Asterisk Open Source UDPTL Buffer Overflow
  Asterisk Open Source HTTP POST Request DoS 2
  Malformed SIP Request 1
  Asterisk Open Source SIP res_format_attr_h264 Buffer Overflow
  FreePBX config.php Remote Code Execution
  Asterisk Open Source SIP TLS Input Validation Spoofing
  Asterisk Open Source PJSIP DoS 7
  FreePBX Framework SQL Injection
  FreePBX Framework Remote Command Execution
  FreePBX Framework Remote Command Execution 2
  FreePBX Framework Remote Command Execution 3
  3CX Phone System Arbitrary File Creation
  Malformed SIP Request 2
  Asterisk Open Source SCCP DoS 1
  Asterisk Open Source SCCP DoS 2
  Malformed SIP Request 4
  Asterisk Open Source PJSIP DoS 2
  Asterisk Open Source PJSIP DoS 3
  Malformed SIP Request 5
  Asterisk Open Source RTCP DoS
  Asterisk Open Source SUBSCRIBE Request Buffer Overflow
  Asterisk Open Source RTP Payload Type DoS
  Asterisk Open Source WebSocket Payload DoS 1
  Asterisk Open Source WebSocket Payload DoS 2
  Asterisk Open Source WebSocket Payload DoS 3
  Asterisk Open Source PJSIP DoS 5
  Asterisk Open Source PJSIP DoS 6
  Asterisk Open Source TCP/TLS DoS
  Malformed SIP Request 6
  FusionPBX exec.php Command Injection 1
  FusionPBX exec.php Command Injection 2
  Sangoma Asterisk manager.c Remote Command Execution
  Kamailio SIP Server Denial Of Service 1
  Kamailio SIP Server Denial Of Service 2
  Intelbras TELEFONE IP Local File Inclusion
  FusionPBX Remote Code Execution
  FusionPBX fax_extension Command Injection 2
  Asterisk Open Source off-hook Mode NULL Pointer Dereference
  Asterisk Open Source PJSIP DoS 8
  Asterisk Open Source SIP sscanf DoS
  HTTP POST Request to SIP Service 1
  HTTP POST Request to SIP Service 2

Relevant Information