CompTIA Security+ Exam SY0-601: Understanding the SIP Protocol Attack

Question

A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations.

After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored.

Outages continue throughout the day, impacting all inbound and outbound connections and services.

Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.

Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads.

Which of the following BEST describe this type of attack? (Choose two.)

A. DoS

B. SSL stripping

C. Memory leak

D. Race condition

E. Shimming

F. Refactoring

Answer: AD

Explanations

The scenario described is indicative of a denial of service (DoS) attack. A DoS attack occurs when an attacker intentionally floods a network or server with traffic, rendering it inaccessible to legitimate users. In this case, the attacker is exploiting a vulnerability in the SIP protocol handling on the edge router devices, which leads to resource exhaustion and system reloads.

Resource exhaustion is a common tactic used in DoS attacks. The attacker sends a high volume of traffic to the target, overwhelming its processing capabilities and causing it to crash or reload. This can happen repeatedly, as seen in the scenario where the Internet and VoIP services are restored, only to go offline again at random intervals within four minutes of being restored.

The second term that describes the type of attack in this scenario is memory leak. A memory leak occurs when a program fails to release memory it has reserved for temporary use, causing the system to become unstable or crash. The CVE released by the edge-router manufacturer describes how an attacker can exploit the SIP protocol handling on the devices, leading to resource exhaustion and system reloads. Such an attack can also result in a memory leak: the attacker may cause the device to allocate more memory than it can release, leading to instability or crashes.
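To make the memory-leak mechanism concrete, the following C sketch is an added example, not code from the CVE or from the router vendor. It is a constructed toy message handler (the names `handle_leaky`, `handle_fixed` and the live-buffer counter are hypothetical) that fails to free a buffer on its error path, shown beside a corrected version that releases it on every path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy handler, not vendor code. A counter of live buffers
   makes the leak observable without external tooling. */
static long live_buffers = 0;

static char *buf_alloc(size_t n) { char *p = malloc(n); if (p) live_buffers++; return p; }
static void buf_free(char *p) { if (p) { free(p); live_buffers--; } }

/* Assumption for this sketch: a message is valid if it starts with a known method. */
static int looks_valid(const char *msg) {
    return strncmp(msg, "INVITE ", 7) == 0 || strncmp(msg, "REGISTER ", 9) == 0;
}

/* Leaky: the early return on a malformed message skips the free. */
int handle_leaky(const char *msg) {
    char *copy = buf_alloc(strlen(msg) + 1);
    if (!copy) return -1;
    strcpy(copy, msg);
    if (!looks_valid(copy)) return -1;   /* BUG: copy is never released */
    buf_free(copy);
    return 0;
}

/* Fixed: one exit path releases the buffer whatever the outcome. */
int handle_fixed(const char *msg) {
    int rc = -1;
    char *copy = buf_alloc(strlen(msg) + 1);
    if (!copy) return rc;
    strcpy(copy, msg);
    if (looks_valid(copy)) rc = 0;
    buf_free(copy);
    return rc;
}

/* Feed n constructed messages (every other one malformed) and
   return how many buffers are still held afterwards. */
long run(int (*handler)(const char *), int n) {
    long before = live_buffers;
    for (int i = 0; i < n; i++)
        handler(i % 2 ? "INVITE sip:alice@example.invalid SIP/2.0" : "garbage");
    return live_buffers - before;
}

int main(void) {
    printf("leaky handler: %ld buffers never freed\n", run(handle_leaky, 1000));
    printf("fixed handler: %ld buffers never freed\n", run(handle_fixed, 1000));
    return 0;
}
```

On a device with fixed memory, the leaky path's unreleased buffers accumulate with every rejected message until allocation fails, which is the resource-exhaustion-and-reload pattern the explanation describes.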

In conclusion, the type of attack described in the scenario is a DoS attack that exploits the SIP protocol handling on the edge router devices, leading to resource exhaustion and system reloads. This attack can also result in a memory leak, as the attacker may cause the device to allocate more memory than it can release, leading to instability or crashes.