I've submitted a draft-zourzouvillys-sip-via-cookie-01, which addresses typos and feedback from people, although the underlying mechanism has not changed at all.

The new -01 draft does however contain some actual calculations on the extent of the problem, and as such i've upated the abstract to contain some fearmongering text :) ...

This document addresses a vulnerability in publicly accessible SIP servers (servers includes both UASes and proxies) that enables them to be used as an amplifier in an untracable reflected denial of service attack. The amplification ratio is between 1:10 to over 1:350 in both packets and bytes.

Discussion in IETF SIP working group has been good so far, and the draft well received.

Feedback, as always, most welcomed.

Labels: cookie, omnomom, sip