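%% You should probably cite rfc5393 instead of this I-D.
%% This entry describes revision -08 of an Internet-Draft, marked
%% "Work in Progress" in its note field.
%% Only the protocol name and its acronym are brace-protected in the title,
%% so styles that sentence-case titles keep them capitalised.
%% Authors use "Last, First" form so name parsing does not depend on word case.
@techreport{ietf-sip-fork-loop-fix-08,
  author      = {Sparks, Robert and Campen, Byron and Lawrence, Scott and Hawrylyshen, Alan},
  title       = {Addressing an Amplification Vulnerability in {Session Initiation Protocol} ({SIP}) Forking Proxies},
  type        = {Internet-Draft},
  number      = {draft-ietf-sip-fork-loop-fix-08},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2008,
  month       = oct,
  day         = 29,
  pagetotal   = 20,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-sip-fork-loop-fix/08/},
  abstract    = {This document normatively updates RFC 3261, the Session Initiation Protocol (SIP), to address a security vulnerability identified in SIP proxy behavior. This vulnerability enables an attack against SIP networks where a small number of legitimate, even authorized, SIP requests can stimulate massive amounts of proxy-to-proxy traffic. This document strengthens loop-detection requirements on SIP proxies when they fork requests (that is, forward a request to more than one destination). It also corrects and clarifies the description of the loop-detection algorithm such proxies are required to implement. Additionally, this document defines a Max-Breadth mechanism for limiting the number of concurrent branches pursued for any given request. {[}STANDARDS-TRACK{]}},
}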