Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
N
N
Nicholas2021-03-09 20:33:23
SIP
Nicholas, 2021-03-09 20:33:23

Is it possible to DoS a subscriber via SIP or WebRTC if he has limited traffic?

Let's say a subscriber calls us via SIP or WebRTC from a mobile phone (or we call him ourselves). The server does not transmit RTP media through itself, but tells us the address and port for receiving the stream. We make a call, then the call ends, and on NAT the corresponding port remains open for some time. We can flood this port with unnecessary traffic, and if the subscriber has limited Internet, then he will have to pay for this traffic, and he will not be able to stop it in any way, he can only disconnect from the network. This will result in a DoS attack: having disconnected from the network, he will not be able to receive calls from other people.

Or will it not be necessary, when its client closes the port, it will send Port unreachable, and the operator's NAT on this ICMP will close the port, and the following packets will not reach it?

What if IPv6 is used? there is no NAT, and in general there is no way to protect yourself from such a vulnerability by finding out the client's address in any way, even through SIP, even when accessing any other service, you can always flood it. The firewall on the client side will not save - once the traffic has reached it, it will be counted, even if the firewall on the client rejects it.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Valentin, 2021-03-09
@vvpoloskin

Firstly, it depends on the subscriber's nat (full-cone, port restricted, address restricted) and what the operator's session timeouts are.
Secondly, you described normal ddos ​​per channel. You can take any static address from the operator's network, issued to legal entities, and start flooding it, as a rule, for legal entities, communication services are expensive, they take channels of limited capacity. And then see what happens: the client will write to his operator that it is impossible to use the service, his operator will write to your ddos ​​abuse, your operator will write to you to check, if you continue, then go, then the operator will turn off your Internet, and then you will go according to 273 of the Criminal Code of the Russian Federation. If it is a government agency, then 274.

Similar questions
O
Oleg Shevchenko2021-03-10 17:32:01
How to come up with the numbering of internal telephony? 0Reply
I
Ivan Eliseev2017-03-22 14:52:21
What are the differences between elastix 4 and 5? 3Reply
M
maxxxsudb2019-09-04 12:29:24
You need a managed SIP client through the command line. Where to get one? 1Reply
K
Kirill Petrov2017-04-07 11:56:20
How to make friends with the originate+transfer method in freeswitch configured via fusionpbx? 1Reply
M
Maxim Recipient2019-09-09 20:57:19
Why do I get a 404 error when I try to make a SIPNET call? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question