{"draft":"draft-ietf-sip-fork-loop-fix-08","doc_id":"RFC5393","title":"Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies","authors":["R. Sparks, Ed.","S. Lawrence","A. Hawrylyshen","B. Campen"],"format":["ASCII","HTML"],"page_count":"20","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Session Initiation Protocol","abstract":"This document normatively updates RFC 3261, the Session Initiation\r\nProtocol (SIP), to address a security vulnerability identified in SIP\r\nproxy behavior. This vulnerability enables an attack against SIP\r\nnetworks where a small number of legitimate, even authorized, SIP\r\nrequests can stimulate massive amounts of proxy-to-proxy traffic.\r\n\r\nThis document strengthens loop-detection requirements on SIP proxies\r\nwhen they fork requests (that is, forward a request to more than one\r\ndestination). It also corrects and clarifies the description of the\r\nloop-detection algorithm such proxies are required to implement.\r\nAdditionally, this document defines a Max-Breadth mechanism for\r\nlimiting the number of concurrent branches pursued for any given\r\nrequest. [STANDARDS-TRACK]","pub_date":"December 2008","keywords":["SIP","application-layer","application","layer","multimedia","multicast","unicast"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC3261"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC5393","errata_url":null}