Cisco IP Phone: Forced Reboot

• Tools:

• • tcpkill - Sniffs network traffic for a TCP session and injects RST packets to forcibly close the connection

• Vendor Response: 04/20/2004

• • http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml
  • Summary: Fixed adhering to version 2 of http://tools.ietf.org/wg/tcpm/draft-ietf-tcpm-tcpsecure/
  • Result: Attack is slightly harder but not much. Phone still reboots.

• Mitigation:

• • The device should re-establish the session rather than performing a full device reboot.
  • (like when you prompt a RST via an ICMP destination/protocol unreachable (Type 3, Code 2) attack against the CCM (BID:12134))