@techreport{state-sip-relay-attack-00,
    number =    {draft-state-sip-relay-attack-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-state-sip-relay-attack/00/},
    author =    {Humberto Abdelnur and Victor Pascual},
    title =     {{SIP digest authentication relay attack}},
    pagetotal = 18,
    year =      2009,
    month =     mar,
    day =       2,
    abstract =  {The Session Initiation Protocol (SIP {[}RFC3261{]}) provides a mechanism for creating, modifying, and terminating sessions with one or more participants. This document describes a vulnerability of SIP combined with HTTP Digest Access Authentication {[}RFC2617{]} through which an attacker can leverage the victim's credentials to send authenticated requests on his behalf. This attack is different from the man-in-the-middle (MITM) attack and does not require any eavesdropping, DNS or IP spoofing.},
}