@misc{rfc5393,
    series =    {Request for Comments},
    number =    5393,
    howpublished =  {RFC 5393},
    publisher = {RFC Editor},
    doi =       {10.17487/RFC5393},
    url =       {https://www.rfc-editor.org/info/rfc5393},
    author =    {Robert Sparks and Byron Campen and Scott Lawrence and Alan Hawrylyshen},
    title =     {{Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies}},
    pagetotal = 20,
    year =      2008,
    month =     dec,
    abstract =  {This document normatively updates RFC 3261, the Session Initiation Protocol (SIP), to address a security vulnerability identified in SIP proxy behavior. This vulnerability enables an attack against SIP networks where a small number of legitimate, even authorized, SIP requests can stimulate massive amounts of proxy-to-proxy traffic. This document strengthens loop-detection requirements on SIP proxies when they fork requests (that is, forward a request to more than one destination). It also corrects and clarifies the description of the loop-detection algorithm such proxies are required to implement. Additionally, this document defines a Max-Breadth mechanism for limiting the number of concurrent branches pursued for any given request. {[}STANDARDS-TRACK{]}},
}