Cisco IOS Hole Points to VOIP Threat
The IOS flaw was disclosed on Cisco's Website on Jan. 19.
While the flaw is specific to Cisco, it points out the importance of security for VOIP systems in general, as their IP nature leaves them open to denial-of-service (DOS) attacks. DOS attacks involve flooding a router or other appliance with phony packets, which overwhelms the device and prevents it from doing its normal tasks. Security experts have pointed to this as a potential security pitfall of VOIP for some time.
As with many other DOS warnings from Cisco, the latest one involves the dreaded "malformed" packets, which Cisco chooses not to define in detail. The flaw makes it possible, under certain versions of IOS, to send such packets from a Cisco IP phone to a router port running Cisco's Skinny Call Control Protocol (SCCP). This causes a reset on the router port. By repeating the process frequently enough, an intruder could keep the router in a perpetual reload state, creating a kind of DOS attack.
The DOS problem gets magnified when VOIP enters the picture, because incoming calls will have to be examined to screen out DOS attempts. This is more involved than the transport-level security used to prevent normal DOS attacks. For that reason, some observers believe VOIP security is going to be a serious problem (see VOIP Threats Loom Large and VOIP Security Poses a Problem).
"The type of packet inspection you have to do is much deeper. You have to get into the applications layer and parse the SIP information," says analyst Mark Seery of RHK Inc. That's a step beyond the transport-level security used to prevent most IP-based DOS attacks. Most vendors of session border controllers have begun looking into security, sometimes even developing their own ASICs for packet inspection, Seery says.
It's the latest in a string of DOS vulnerabilities Cisco has discovered during the past couple of years, although not all of them are related to IOS. For example, early in 2004, Cisco found a flaw in its add/drop multiplexers, the ONS 15454, and related systems based on non-IOS technology acquired from Cerent Corp. (See Cisco Reports OSPF Vulnerability and Cisco Finds ADM Security Flaw.)
Cisco has been seeking out these vulnerabilities as DOS attacks have come into vogue. Prevention of DOS attacks has become a hot topic in networking, prompting Cisco to acquire Riverhead Networks for $39 million last year (see Cisco's Security Spree Continues).
Cisco's documentation of the latest IOS vulnerability is online at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml.
— Craig Matsumoto, Senior Editor, Light Reading