SlideShare ist ein Scribd-Unternehmen logo

Gaurav - VoIP - ClubHack2007

ClubHack
ClubHack
TechnologieBusiness
1 von 13
Downloaden Sie, um offline zu lesen
Gaurav Saha November 23, 2007 Sipera Proprietary & Confidential 1
The Sipera Approach • Learn Sipera VIPER™ lab concentrates all its efforts on Vulnerability Research to learn about different kinds of unique threats in SIP/IMS/UMA networks and UA • Verify Sipera LAVA™ tool emulate thousands of attacks to verify above threats. • Protect Sipera IPCS™ products combines VPN, Firewall, IPS etc functionality for VoIP systems in a single device to protect and enable unified communications. November 23, 2007 Sipera Proprietary & Confidential 2
Talk Outline 1. VoIP Overview 2. VoIP protocols 3. SIP Protocol Analysis 4. Weaknesses in VoIP Protocols 5. Attack Vectors 6. Conclusion 7. Demo November 23, 2007 Sipera Proprietary & Confidential 3
VoIP Overview • What is VoIP? VoIP is an IP telephony service which converts analog data signals into digital signals and carries it over internet. • Why VoIP? Cost Effective Flexible and Easy implementation Advance Services November 23, 2007 Sipera Proprietary & Confidential 4
VoIP Protocols • H.323 • Session Initiation Protocol ( SIP ) • Skinny Client Control Protocol ( SCCP ) • Media Gateway Control Protocol ( MGCP ) November 23, 2007 Sipera Proprietary & Confidential 5
SIP Protocol Overview • SIP stands for Session Initiation Protocol SIP is signaling protocol Plain-Text like HTTP Supports encryption like HTTPS Supports TLS Supports encryption of VoIP Media Data • SIP Components User Agent Client ( UAC ) User Agent Server ( UAS ) November 23, 2007 Sipera Proprietary & Confidential 6
SIP Architecture Server: abc.com Server: xyz.com joe@abc.com john@abc.com alice@xyz.com veronica@xyz.com How call are made between to VoIP Phones November 23, 2007 Sipera Proprietary & Confidential 7
SIP Call Flow Call Flow: How the whole session looks like. November 23, 2007 Sipera Proprietary & Confidential 8
Weaknesses and Vulnerabilities in SIP • UAS/UAC identity disclosure • Username/Password cracking • Eavesdropping • Data Mangling • SIP call Setup, Routing and Termination November 23, 2007 Sipera Proprietary & Confidential 9
Attack Vectors • UAS/UAC identity disclosure Similar to Banner Grabbing. Users Enumeration • Username/Password cracking Call/Toll Fraud Spamming November 23, 2007 Sipera Proprietary & Confidential 10
Attack Vectors • Eavesdropping Spying Mass Password Discovery • Data Mangling Phishing Spam Over Internet Telephony QoS Degradation November 23, 2007 Sipera Proprietary & Confidential 11
Attack Vectors • SIP call Setup, Routing and Termination Fake REGISTER and INVITE Active Eavesdropping Fake REGISTER, BYE and CANCEL • Denial of Service Attack ( DoS ) Flooding ( INVITE, REGISTER, SUBSCRIBE, BYE … et al ) Stealth DoS Call Jamming Distributed DoS ( DDoS ) November 23, 2007 Sipera Proprietary & Confidential 12
DEMONSTRATION Witness your desk phone getting 0w||3d !! Thank You ☺ November 23, 2007 Sipera Proprietary & Confidential 13

Empfohlen

ShadowVox
ShadowVoxShadowVox
ShadowVoxEtherSpeak, Inc.
 
Voip
VoipVoip
VoipHardik Kakadiya
 
Group Chat - New Feature of Linphone Application
Group Chat - New Feature of Linphone ApplicationGroup Chat - New Feature of Linphone Application
Group Chat - New Feature of Linphone ApplicationLucy Kristena
 
2014 voip방화벽 시온
2014 voip방화벽 시온2014 voip방화벽 시온
2014 voip방화벽 시온시온시큐리티
 
Solo Home Gateway
Solo Home GatewaySolo Home Gateway
Solo Home GatewaySOLO Gateway
 
Cd213 percy-audiocodes
Cd213 percy-audiocodesCd213 percy-audiocodes
Cd213 percy-audiocodesTran Thanh
 
Video + Konferecja Polska 2014. Sześć najważniejszych koncepcji związanych z ...
Video + Konferecja Polska 2014. Sześć najważniejszych koncepcji związanych z ...Video + Konferecja Polska 2014. Sześć najważniejszych koncepcji związanych z ...
Video + Konferecja Polska 2014. Sześć najważniejszych koncepcji związanych z ...TrueConf
 
Sathish Resume New_New
Sathish Resume New_NewSathish Resume New_New
Sathish Resume New_NewSathish Shetty M G
 

Empfohlen

ShadowVox
ShadowVoxShadowVox
ShadowVoxEtherSpeak, Inc.
 
Voip
VoipVoip
VoipHardik Kakadiya
 
Group Chat - New Feature of Linphone Application
Group Chat - New Feature of Linphone ApplicationGroup Chat - New Feature of Linphone Application
Group Chat - New Feature of Linphone ApplicationLucy Kristena
 
2014 voip방화벽 시온
2014 voip방화벽 시온2014 voip방화벽 시온
2014 voip방화벽 시온시온시큐리티
 
Solo Home Gateway
Solo Home GatewaySolo Home Gateway
Solo Home GatewaySOLO Gateway
 
Cd213 percy-audiocodes
Cd213 percy-audiocodesCd213 percy-audiocodes
Cd213 percy-audiocodesTran Thanh
 
Video + Konferecja Polska 2014. Sześć najważniejszych koncepcji związanych z ...
Video + Konferecja Polska 2014. Sześć najważniejszych koncepcji związanych z ...Video + Konferecja Polska 2014. Sześć najważniejszych koncepcji związanych z ...
Video + Konferecja Polska 2014. Sześć najważniejszych koncepcji związanych z ...TrueConf
 
Sathish Resume New_New
Sathish Resume New_NewSathish Resume New_New
Sathish Resume New_NewSathish Shetty M G
 
Характеристика КИМов ГИА 2011 по биологии
Характеристика КИМов ГИА 2011 по биологииХарактеристика КИМов ГИА 2011 по биологии
Характеристика КИМов ГИА 2011 по биологииЕкатерина Луговова
 
1. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 11. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 1jgutier4
 
1. мурус
1. мурус1. мурус
1. мурусstartuppoint
 
PARA KAZANMAK
PARA KAZANMAKPARA KAZANMAK
PARA KAZANMAKRaci Göktaş
 
Bunu ona asla yapmayin!
Bunu ona asla yapmayin!Bunu ona asla yapmayin!
Bunu ona asla yapmayin!Raci Göktaş
 
Webbstjärnan - vad och hur
Webbstjärnan - vad och hurWebbstjärnan - vad och hur
Webbstjärnan - vad och hurWebbstjarnan |.SE
 
taula arxius
taula arxiustaula arxius
taula arxiusablameiko666
 
Daughter of a Witch Jess’s Story
Daughter of a Witch Jess’s StoryDaughter of a Witch Jess’s Story
Daughter of a Witch Jess’s StoryAuroraDay01
 
Next Level - Dierenpark Emmen
Next Level - Dierenpark EmmenNext Level - Dierenpark Emmen
Next Level - Dierenpark EmmenNIMA
 
MassDevelopment FY2006 Annual Report
MassDevelopment FY2006 Annual ReportMassDevelopment FY2006 Annual Report
MassDevelopment FY2006 Annual ReportMassDevelopment
 
World Health Congress 2009 Europe Market Insight
World Health Congress 2009 Europe Market InsightWorld Health Congress 2009 Europe Market Insight
World Health Congress 2009 Europe Market Insightrongyi
 
Compilatie super !
Compilatie super !Compilatie super !
Compilatie super !Robert
 
Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008
Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008
Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008ClubHack
 
Listado de 10 productos innovadores
Listado de 10 productos innovadoresListado de 10 productos innovadores
Listado de 10 productos innovadoresdaidsanty2
 
Enhancing your work through the strategic use of social media and other techn...
Enhancing your work through the strategic use of social media and other techn...Enhancing your work through the strategic use of social media and other techn...
Enhancing your work through the strategic use of social media and other techn...National Dissemination Center for Children with Disabilities
 
11. windstromet dks 11
11. windstromet dks 1111. windstromet dks 11
11. windstromet dks 11DIPECHO Nepal
 
Reggaetones
ReggaetonesReggaetones
ReggaetonesCHRISTIAN ALEGRIA
 
BCC 2004 - Research Needs In Biometrics
BCC 2004 - Research Needs In BiometricsBCC 2004 - Research Needs In Biometrics
BCC 2004 - Research Needs In BiometricsDuane Blackburn
 
8
88
8friendbd2
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraudFlavio Eduardo de Andrade Goncalves
 
Sip & its application
Sip & its applicationSip & its application
Sip & its applicationPoulami Pal
 

Weitere ähnliche Inhalte

Andere mochten auch

Характеристика КИМов ГИА 2011 по биологии
Характеристика КИМов ГИА 2011 по биологииХарактеристика КИМов ГИА 2011 по биологии
Характеристика КИМов ГИА 2011 по биологииЕкатерина Луговова
 
1. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 11. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 1jgutier4
 
Bunu ona asla yapmayin!
Bunu ona asla yapmayin!Bunu ona asla yapmayin!
Bunu ona asla yapmayin!Raci Göktaş
 
Daughter of a Witch Jess’s Story
Daughter of a Witch Jess’s StoryDaughter of a Witch Jess’s Story
Daughter of a Witch Jess’s StoryAuroraDay01
 
Next Level - Dierenpark Emmen
Next Level - Dierenpark EmmenNext Level - Dierenpark Emmen
Next Level - Dierenpark EmmenNIMA
 
MassDevelopment FY2006 Annual Report
MassDevelopment FY2006 Annual ReportMassDevelopment FY2006 Annual Report
MassDevelopment FY2006 Annual ReportMassDevelopment
 
World Health Congress 2009 Europe Market Insight
World Health Congress 2009 Europe Market InsightWorld Health Congress 2009 Europe Market Insight
World Health Congress 2009 Europe Market Insightrongyi
 
Compilatie super !
Compilatie super !Compilatie super !
Compilatie super !Robert
 
Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008
Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008
Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008ClubHack
 
Listado de 10 productos innovadores
Listado de 10 productos innovadoresListado de 10 productos innovadores
Listado de 10 productos innovadoresdaidsanty2
 
11. windstromet dks 11
11. windstromet dks 1111. windstromet dks 11
11. windstromet dks 11DIPECHO Nepal
 
BCC 2004 - Research Needs In Biometrics
BCC 2004 - Research Needs In BiometricsBCC 2004 - Research Needs In Biometrics
BCC 2004 - Research Needs In BiometricsDuane Blackburn
 

Andere mochten auch (19)

Характеристика КИМов ГИА 2011 по биологии
Характеристика КИМов ГИА 2011 по биологииХарактеристика КИМов ГИА 2011 по биологии
Характеристика КИМов ГИА 2011 по биологии
 
1. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 11. teoria. pintura escultura del segle xx. 1
1. teoria. pintura escultura del segle xx. 1
 
1. мурус
1. мурус1. мурус
1. мурус
 
PARA KAZANMAK
PARA KAZANMAKPARA KAZANMAK
PARA KAZANMAK
 
Bunu ona asla yapmayin!
Bunu ona asla yapmayin!Bunu ona asla yapmayin!
Bunu ona asla yapmayin!
 
Webbstjärnan - vad och hur
Webbstjärnan - vad och hurWebbstjärnan - vad och hur
Webbstjärnan - vad och hur
 
taula arxius
taula arxiustaula arxius
taula arxius
 
Daughter of a Witch Jess’s Story
Daughter of a Witch Jess’s StoryDaughter of a Witch Jess’s Story
Daughter of a Witch Jess’s Story
 
Next Level - Dierenpark Emmen
Next Level - Dierenpark EmmenNext Level - Dierenpark Emmen
Next Level - Dierenpark Emmen
 
MassDevelopment FY2006 Annual Report
MassDevelopment FY2006 Annual ReportMassDevelopment FY2006 Annual Report
MassDevelopment FY2006 Annual Report
 
World Health Congress 2009 Europe Market Insight
World Health Congress 2009 Europe Market InsightWorld Health Congress 2009 Europe Market Insight
World Health Congress 2009 Europe Market Insight
 
Compilatie super !
Compilatie super !Compilatie super !
Compilatie super !
 
Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008
Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008
Aseem - AntiSpam - Understanding the good, the bad and the ugly - ClubHack2008
 
Listado de 10 productos innovadores
Listado de 10 productos innovadoresListado de 10 productos innovadores
Listado de 10 productos innovadores
 
Enhancing your work through the strategic use of social media and other techn...
Enhancing your work through the strategic use of social media and other techn...Enhancing your work through the strategic use of social media and other techn...
Enhancing your work through the strategic use of social media and other techn...
 
11. windstromet dks 11
11. windstromet dks 1111. windstromet dks 11
11. windstromet dks 11
 
Reggaetones
ReggaetonesReggaetones
Reggaetones
 
BCC 2004 - Research Needs In Biometrics
BCC 2004 - Research Needs In BiometricsBCC 2004 - Research Needs In Biometrics
BCC 2004 - Research Needs In Biometrics
 
8
88
8
 

Ähnlich wie Gaurav - VoIP - ClubHack2007

Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
Sip & its application
Sip & its applicationSip & its application
Sip & its applicationPoulami Pal
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 
FOSS Sthlm: Realtime Communication Update
FOSS Sthlm: Realtime Communication UpdateFOSS Sthlm: Realtime Communication Update
FOSS Sthlm: Realtime Communication UpdateOlle E Johansson
 
Security Issues In Voip
Security Issues In VoipSecurity Issues In Voip
Security Issues In VoipWaqas Daar
 
Astricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsAstricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsOlle E Johansson
 
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011François Proulx
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tDefcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tpseudor00t overflow
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Sydney UC - February 2015
Sydney UC - February 2015Sydney UC - February 2015
Sydney UC - February 2015justimorris
 
F5 GOV Round Table - Application Centeric Security
F5 GOV Round Table - Application Centeric SecurityF5 GOV Round Table - Application Centeric Security
F5 GOV Round Table - Application Centeric SecurityTzoori Tamam
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
VoIP Monitoring and Troubleshooting
VoIP Monitoring and TroubleshootingVoIP Monitoring and Troubleshooting
VoIP Monitoring and TroubleshootingThousandEyes
 
Spying The Wire
Spying The WireSpying The Wire
Spying The WireDon Anto
 
V2 d2013 saúl ibarra - sip2sip
V2 d2013 saúl ibarra - sip2sipV2 d2013 saúl ibarra - sip2sip
V2 d2013 saúl ibarra - sip2sipVOIP2DAY
 

Ähnlich wie Gaurav - VoIP - ClubHack2007 (20)

Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
 
Sip & its application
Sip & its applicationSip & its application
Sip & its application
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
 
FOSS Sthlm: Realtime Communication Update
FOSS Sthlm: Realtime Communication UpdateFOSS Sthlm: Realtime Communication Update
FOSS Sthlm: Realtime Communication Update
 
Security Issues In Voip
Security Issues In VoipSecurity Issues In Voip
Security Issues In Voip
 
Astricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsAstricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installations
 
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
Wi-Fi: Secure or Open / Secure Open Wireless Access / SOWA @ HackFest 2011
 
Rethinking the PBX
Rethinking the PBXRethinking the PBX
Rethinking the PBX
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tDefcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
 
Sydney UC - February 2015
Sydney UC - February 2015Sydney UC - February 2015
Sydney UC - February 2015
 
F5 GOV Round Table - Application Centeric Security
F5 GOV Round Table - Application Centeric SecurityF5 GOV Round Table - Application Centeric Security
F5 GOV Round Table - Application Centeric Security
 
Asterisk Deployments
Asterisk DeploymentsAsterisk Deployments
Asterisk Deployments
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
 
VoIP Monitoring and Troubleshooting
VoIP Monitoring and TroubleshootingVoIP Monitoring and Troubleshooting
VoIP Monitoring and Troubleshooting
 
Spying The Wire
Spying The WireSpying The Wire
Spying The Wire
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
 
V2 d2013 saúl ibarra - sip2sip
V2 d2013 saúl ibarra - sip2sipV2 d2013 saúl ibarra - sip2sip
V2 d2013 saúl ibarra - sip2sip
 
SIP2SIP: SIP gratis para las masas
SIP2SIP: SIP gratis para las masasSIP2SIP: SIP gratis para las masas
SIP2SIP: SIP gratis para las masas
 

Mehr von ClubHack

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014ClubHack
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreClubHack
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber InsuranceClubHack
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatClubHack
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack
 

Mehr von ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 

Kürzlich hochgeladen

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Kürzlich hochgeladen (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

Gaurav - VoIP - ClubHack2007

  • 1. Gaurav Saha November 23, 2007 Sipera Proprietary & Confidential 1
  • 2. The Sipera Approach • Learn Sipera VIPER™ lab concentrates all its efforts on Vulnerability Research to learn about different kinds of unique threats in SIP/IMS/UMA networks and UA • Verify Sipera LAVA™ tool emulate thousands of attacks to verify above threats. • Protect Sipera IPCS™ products combines VPN, Firewall, IPS etc functionality for VoIP systems in a single device to protect and enable unified communications. November 23, 2007 Sipera Proprietary & Confidential 2
  • 3. Talk Outline 1. VoIP Overview 2. VoIP protocols 3. SIP Protocol Analysis 4. Weaknesses in VoIP Protocols 5. Attack Vectors 6. Conclusion 7. Demo November 23, 2007 Sipera Proprietary & Confidential 3
  • 4. VoIP Overview • What is VoIP? VoIP is an IP telephony service which converts analog data signals into digital signals and carries it over internet. • Why VoIP? Cost Effective Flexible and Easy implementation Advance Services November 23, 2007 Sipera Proprietary & Confidential 4
  • 5. VoIP Protocols • H.323 • Session Initiation Protocol ( SIP ) • Skinny Client Control Protocol ( SCCP ) • Media Gateway Control Protocol ( MGCP ) November 23, 2007 Sipera Proprietary & Confidential 5
  • 6. SIP Protocol Overview • SIP stands for Session Initiation Protocol SIP is signaling protocol Plain-Text like HTTP Supports encryption like HTTPS Supports TLS Supports encryption of VoIP Media Data • SIP Components User Agent Client ( UAC ) User Agent Server ( UAS ) November 23, 2007 Sipera Proprietary & Confidential 6
  • 7. SIP Architecture Server: abc.com Server: xyz.com joe@abc.com john@abc.com alice@xyz.com veronica@xyz.com How call are made between to VoIP Phones November 23, 2007 Sipera Proprietary & Confidential 7
  • 8. SIP Call Flow Call Flow: How the whole session looks like. November 23, 2007 Sipera Proprietary & Confidential 8
  • 9. Weaknesses and Vulnerabilities in SIP • UAS/UAC identity disclosure • Username/Password cracking • Eavesdropping • Data Mangling • SIP call Setup, Routing and Termination November 23, 2007 Sipera Proprietary & Confidential 9
  • 10. Attack Vectors • UAS/UAC identity disclosure Similar to Banner Grabbing. Users Enumeration • Username/Password cracking Call/Toll Fraud Spamming November 23, 2007 Sipera Proprietary & Confidential 10
  • 11. Attack Vectors • Eavesdropping Spying Mass Password Discovery • Data Mangling Phishing Spam Over Internet Telephony QoS Degradation November 23, 2007 Sipera Proprietary & Confidential 11
  • 12. Attack Vectors • SIP call Setup, Routing and Termination Fake REGISTER and INVITE Active Eavesdropping Fake REGISTER, BYE and CANCEL • Denial of Service Attack ( DoS ) Flooding ( INVITE, REGISTER, SUBSCRIBE, BYE … et al ) Stealth DoS Call Jamming Distributed DoS ( DDoS ) November 23, 2007 Sipera Proprietary & Confidential 12
  • 13. DEMONSTRATION Witness your desk phone getting 0w||3d !! Thank You ☺ November 23, 2007 Sipera Proprietary & Confidential 13