IP network level threats face any application that is connected to an IP network such as the Internet or includes campus and corporate networks. Servers and clients for Email and web applications have faced these threats for ten years or more, and the range of threats and the technologies used to exploit them is well understood. However new threats are constantly emerging as is evident from vulnerability tracking services such as Security Focus.
IP network level threats fall into 3 main categories:
â€¢ Malformed packet attacks
â€¢ Flooding attacks
â€¢ Buffer overflow attacks
Malformed Packet Attacks
These attacks attempt to swamp an application server with malformed or illegal packets. There have been a number of examples of this kind of attack. One example, Jolt2 was particularly effective against Windows systems as it tied up system resources eventually causing all other services to fail. Other examples include ping-of-death which sends malformed (over length) ping requests. Vulnerable systems crash or slow down to the extent that applications cease to function correctly.
These attacks rely on sending legitimate packets, sending such high volumes that the targeted system is so busy processing the requests that it is unable to process anything else. Even if the targeted system is able to continue to process requests, it can become so slow that applications cease to function correctly. Examples of flooding attacks include SYN Floods and UDP flood attacks.
Buffer Overflow Attacks
A buffer overflow attack exploits a software bug or coding error. A buffer overflow condition occurs when an application attempts to store data in a memory buffer that is too small for that data. If this operation is not checked and stopped, then the stored data will over-write some other memory location. If that location contained executable code then a carefully crafted message can replace that executable code with code written by the attacker. Network applications are particularly at risk from these threats as an attacker can easily send arbitrary length data to an application server. The consequences can be serious, allowing an attacker to gain control over a targeted server.
Buffer overflow vulnerabilities are common, virtually every network application server ever written has been found to be vulnerable to one or more or these vulnerabilities. Sendmail, a widely used email server, has been the subject of numerous alerts, but perhaps the most well-known example is the Code Red Worm that targeted Microsoftâ€™s IIS.
Impact on VoIP Systems
Itâ€™s easy to loose sight of the fact that all VoIP systems are IP applications and therefore potentially at risk from these IP network level threats. If anything, VoIP systems are more vulnerable to these threats than applications such as web and email because VoIP services are much more sensitive to processing delays or network latency. The quality of a voice call relies on fast and consistent packet delivery. Any degradation to the quality of a voice call will be noticed much more quickly than a short delay in delivering an email message or loading a web page.