SlideShare ist ein Scribd-Unternehmen logo

VoIP – vulnerabilities and attacks

Als PPTX, PDF herunterladen
n|u - The Open Security Community
n|u - The Open Security Community

null Mumbai July-August 2012 Meet

BildungTechnologieBusiness
1 von 30
VoIP – Vulnerabilities and Attacks Presented by - push
Agenda • Introduction to VoIP – VoIP Architecture – VoIP Components – VoIP Protocols • A PenTester Perspective – Attack Vectors – Scanning – Attacks – Tools of Trade – Countermeasures and Security http://null.co.in/ http://nullcon.net/
Remember Something? http://null.co.in/ http://nullcon.net/
VoIP • IP Telephony • Voice over Internet Protocol • Subset of IP Telephony • Transmission of “Voice” over Packet-Switched Network. • Is it only Voice??? – Data, Audio, Video http://null.co.in/ http://nullcon.net/
VoIP • Voice Analog Signals are converted to digital bits - “Sampled” and transmitted in packets Analog Voice Signals 101010101010 1101101101 Analog Voice 1010101010101101101 101010101010110110 Signals 101 1101 101010101010 1101101101 Internet 1010101010101101101 101010101010110110 101 1101 http://null.co.in/ http://nullcon.net/
VoIP Architecture Ordinary Phone  ATA  Ethernet  Router  Internet http://null.co.in/ http://nullcon.net/
VoIP Architecture IP Phone  Ethernet  IP-PBX  Router  Internet Internet IP Phone IP - PBX Modem / Router http://null.co.in/ http://nullcon.net/
VoIP Architecture Softphone Phone  Ethernet  Router  Internet Internet http://null.co.in/ http://nullcon.net/
VoIP Architecture http://null.co.in/ http://nullcon.net/
VoIP Components • User Agents (devices) • Redirect Servers • Media gateways • Registrar Servers • Signaling gateways • Location Servers • Network management system • Gatekeepers • Billing systems • Proxy Servers GW  Gateway MG  Media Gateway GK  Gatekeeper MGC  Media Gateway Controller NMS  Network Management System IVR  Interactive Voice Response http://null.co.in/ http://nullcon.net/
VoIP Protocols • Vendor Proprietary • Signaling Protocols • Media Protocols http://null.co.in/ http://nullcon.net/
VoIP Protocols SIP Session Initiation Protocol SAP  Session Announcement Protocol SGCP  Simple Gateway Control Protocol MIME  Multipurpose Internet Mail IPDC  Internet Protocol device Control Extensions – Set of Standards RTP  Real Time Transmission Protocol IAX  Inter-Asterisk eXchange SRTP  Secure Real Time Transmission Protocol Megaco H.248  Gateway Control Protocol RTCP  RTP Control Protocol RVP over IP  Remote Voice Protocol over IP SRTCP  Secure RTP Control Protocol RTSP  Real Time Streaming Protocol MGCP  Media Gateway Control Protocol SCCP  Skinny Client Control Protocol (Cisco). SDP  Session Description Protocol UNISTIM  Unified Network Stimulus (Nortel). http://null.co.in/ http://nullcon.net/
VoIP Protocols - SIP http://null.co.in/ http://nullcon.net/
VoIP Protocols – H.323 http://null.co.in/ http://nullcon.net/
A PenTester Perspective http://null.co.in/ http://nullcon.net/
VoIP – Attack Vectors • Vulnerabilities of Both Data and Telephone Network • CIA Triad http://null.co.in/ http://nullcon.net/
VoIP - Scanning • Scanning a network for VoIP enabled systems / devices. • Tools for Scanning and Enumeration : – Nmap  port scanner – Smap  sip scanner. Finds SIP Enabled Servers – Svmap  sip scanner – Svwar  sip extension enumerator – Iwar VoIP Enabled modem Dialer – Metasploit Modules : • H.323 version scanner • SIP enumerator  SIP Username enumerator(UDP) • SIP enumerator_tcp  SIP Username Enumerator(TCP) • Options  SIP scanner(TCP) • Options_tcp  SIP scanner(UDP) http://null.co.in/ http://nullcon.net/
VoIP – Scanning Demo • Nmap scan http://null.co.in/ http://nullcon.net/
VoIP – Common Ports Protocol TCP Port UDP Port SIP 5060 5060 SIP-TLS 5061 5061 IAX2 - 4569 http – web based 80 / 8080 - management console tftp - 69 RTP - 5004 RTCP - 5005 IAX1 - 5036 SCCP 2000 SCCPS 2443 H.323 1720 http://null.co.in/ http://nullcon.net/
VoIP – Scanning Demo • Smap • svmap http://null.co.in/ http://nullcon.net/
VoIP – Scanning Demo • Metasploit Scanner http://null.co.in/ http://nullcon.net/
VoIP - Attacks • Identity Spoofing • Conversation Eavesdropping / Sniffing • Password Cracking • Man-In-The-Middle • SIP-Bye DoS • SIP Bombing • RTP Insertion Attacks • Web Based Management Console Hacks • Fuzzing • Default Passwords http://null.co.in/ http://nullcon.net/
VoIP – Attacks Demo • Identity – Caller ID Spoofing – Tools Used : • Metasploit- SIP_INVITE_Spoof • VoIP Fuzzer – Protos -Sip http://null.co.in/ http://nullcon.net/
VoIP – Attacks Demo • Conversation Eavesdropping – Tools used : • Cain & Abel • Ettercap • Arpspoof • Wireshark http://null.co.in/ http://nullcon.net/
VoIP – Attacks Demo • Man-In-The-Middle – Tools Used : • Wireshark • Arpspoof / ettercap • RTPInject • RTPmixsound http://null.co.in/ http://nullcon.net/
VoIP – Attacks Demo • Password Cracking – Tools Used : • SIPDump • SIPCrack • svcrack http://null.co.in/ http://nullcon.net/
VoIP - Attacks Some Default Passwords for VoIP Devices and Consoles: Device / Console Username Password Uniden UIP1868P VoIP - admin phone Web Interface Hitachi IP5000 VOIP WIFI - 0000 Phone 1.5.6 Vonage VoIP Telephone user user Adapter Grandstream Phones - Web Administrator /admin admin Adimistrator Interface user user •Asterisk Manager User Accounts are configured in /etc/asterisk/manager.conf http://null.co.in/ http://nullcon.net/
VoIP – Audit & PenTest Tools • UCSniff • MetaSploit Modules : – Auxillary Modules • VoIPHopper • SIP enumerator  SIP Username enumerator • SIP enumerator_tcp  SIP USERNAME • Vomit Enumerator • VoIPong • Options  SIP scanner • Options_tcp  SIP scanner • IAX Flood • Asterisk_login  Asterisk Manager Login Utility – Exploits • InviteFlood • Aol_icq_downloadagent  AOL ICQ Arbitary File Downlowd • RTPFlood • Aim_triton_cseq AIM triton 1.0.4 CSeq Buffer Overflow • IAXFlood • Sipxezphone_cseq sipxezphone 0.35a Cseq Filed Overflow • BYE-TearDown • Sipxphone_cseq  sipxPhone 2.6.0.27 Cseq Buffer Overflow http://null.co.in/ http://nullcon.net/
Countermeasures & Security • Separate Infrasrtucture • Do not integrate Data and VoIP Networks • VoIP-aware Firewalls, • Secure Protocols like SRTP, • Session Encryption using SIP/TLS, SCCP/TLS • Harden Network Security – IDS – IPS - NIPS http://null.co.in/ http://nullcon.net/
Thank You See you all @ nullcon - Delhi http://null.co.in/ http://nullcon.net/

Empfohlen

VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
VoIP Security
VoIP SecurityVoIP Security
VoIP SecurityDayanand Prabhakar
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Fatih Ozavci
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX, Inc.
 
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)Fred Posner
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 

Empfohlen

VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
VoIP Security
VoIP SecurityVoIP Security
VoIP SecurityDayanand Prabhakar
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopFatih Ozavci
 
Traditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation FirewallTraditional Firewall vs. Next Generation Firewall
Traditional Firewall vs. Next Generation Firewall美兰 曾
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Fatih Ozavci
 
NGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX: Basics & Best Practices - EMEA Broadcast
NGINX: Basics & Best Practices - EMEA BroadcastNGINX, Inc.
 
SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)SIP Attack Handling (Kamailio World 2021)
SIP Attack Handling (Kamailio World 2021)Fred Posner
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Anwesh Dixit
 
IMS presentation
IMS presentationIMS presentation
IMS presentationAnirudh Yadav
 
Cisco router-commands
Cisco router-commandsCisco router-commands
Cisco router-commandsRobin Rohit
 
Three Ways Kamailio Can Help Your FreeSWITCH Deployment
Three Ways Kamailio Can Help Your FreeSWITCH DeploymentThree Ways Kamailio Can Help Your FreeSWITCH Deployment
Three Ways Kamailio Can Help Your FreeSWITCH DeploymentFred Posner
 
FreeSBC How To - Advanced SIP Routing
FreeSBC How To - Advanced SIP RoutingFreeSBC How To - Advanced SIP Routing
FreeSBC How To - Advanced SIP RoutingAlan Percy
 
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...Fred Posner
 
Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Giacomo Vacca
 
IMS ENUM & DNS Mechanism
IMS ENUM & DNS MechanismIMS ENUM & DNS Mechanism
IMS ENUM & DNS MechanismHouman Sadeghi Kaji
 
SIP and DNS - federation, failover, load balancing and more
SIP and DNS - federation, failover, load balancing and moreSIP and DNS - federation, failover, load balancing and more
SIP and DNS - federation, failover, load balancing and moreOlle E Johansson
 
CCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsCCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsEng. Emad Al-Atoum
 
IMS + VoLTE Overview
IMS + VoLTE OverviewIMS + VoLTE Overview
IMS + VoLTE OverviewHamidreza Bolhasani
 
Kamailio - API Based SIP Routing
Kamailio - API Based SIP RoutingKamailio - API Based SIP Routing
Kamailio - API Based SIP RoutingDaniel-Constantin Mierla
 
Ne40 hardware-description
Ne40 hardware-descriptionNe40 hardware-description
Ne40 hardware-descriptionPrecious Kamoto
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Netgate
 
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaCisco Canada
 
IMS Session Flow
IMS Session FlowIMS Session Flow
IMS Session FlowKent Loh
 
IMS IP multimedia subsystem presentation
IMS IP multimedia subsystem presentationIMS IP multimedia subsystem presentation
IMS IP multimedia subsystem presentationWaldir R. Pires Jr
 
Scaling Asterisk with Kamailio
Scaling Asterisk with KamailioScaling Asterisk with Kamailio
Scaling Asterisk with KamailioFred Posner
 
Providing Local DNS with pfSense - pfSense Hangout August 2016
Providing Local DNS with pfSense - pfSense Hangout August 2016Providing Local DNS with pfSense - pfSense Hangout August 2016
Providing Local DNS with pfSense - pfSense Hangout August 2016Netgate
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldOlle E Johansson
 
Nginx Essential
Nginx EssentialNginx Essential
Nginx EssentialGong Haibing
 
Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)habib_786
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP Fatih Ozavci
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cisco router-commands
Cisco router-commandsCisco router-commands
Cisco router-commandsRobin Rohit
 
Three Ways Kamailio Can Help Your FreeSWITCH Deployment
Three Ways Kamailio Can Help Your FreeSWITCH DeploymentThree Ways Kamailio Can Help Your FreeSWITCH Deployment
Three Ways Kamailio Can Help Your FreeSWITCH DeploymentFred Posner
 
FreeSBC How To - Advanced SIP Routing
FreeSBC How To - Advanced SIP RoutingFreeSBC How To - Advanced SIP Routing
FreeSBC How To - Advanced SIP RoutingAlan Percy
 
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...Fred Posner
 
Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Giacomo Vacca
 
SIP and DNS - federation, failover, load balancing and more
SIP and DNS - federation, failover, load balancing and moreSIP and DNS - federation, failover, load balancing and more
SIP and DNS - federation, failover, load balancing and moreOlle E Johansson
 
CCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsCCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsEng. Emad Al-Atoum
 
Ne40 hardware-description
Ne40 hardware-descriptionNe40 hardware-description
Ne40 hardware-descriptionPrecious Kamoto
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Netgate
 
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaCisco Canada
 
IMS Session Flow
IMS Session FlowIMS Session Flow
IMS Session FlowKent Loh
 
IMS IP multimedia subsystem presentation
IMS IP multimedia subsystem presentationIMS IP multimedia subsystem presentation
IMS IP multimedia subsystem presentationWaldir R. Pires Jr
 
Scaling Asterisk with Kamailio
Scaling Asterisk with KamailioScaling Asterisk with Kamailio
Scaling Asterisk with KamailioFred Posner
 
Providing Local DNS with pfSense - pfSense Hangout August 2016
Providing Local DNS with pfSense - pfSense Hangout August 2016Providing Local DNS with pfSense - pfSense Hangout August 2016
Providing Local DNS with pfSense - pfSense Hangout August 2016Netgate
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldOlle E Johansson
 

Was ist angesagt? (20)

IMS presentation
IMS presentationIMS presentation
IMS presentation
 
Cisco router-commands
Cisco router-commandsCisco router-commands
Cisco router-commands
 
Three Ways Kamailio Can Help Your FreeSWITCH Deployment
Three Ways Kamailio Can Help Your FreeSWITCH DeploymentThree Ways Kamailio Can Help Your FreeSWITCH Deployment
Three Ways Kamailio Can Help Your FreeSWITCH Deployment
 
FreeSBC How To - Advanced SIP Routing
FreeSBC How To - Advanced SIP RoutingFreeSBC How To - Advanced SIP Routing
FreeSBC How To - Advanced SIP Routing
 
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
Using Asterisk and Kamailio for Reliable, Scalable and Secure Communication S...
 
Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017Homer - Workshop at Kamailio World 2017
Homer - Workshop at Kamailio World 2017
 
IMS ENUM & DNS Mechanism
IMS ENUM & DNS MechanismIMS ENUM & DNS Mechanism
IMS ENUM & DNS Mechanism
 
SIP and DNS - federation, failover, load balancing and more
SIP and DNS - federation, failover, load balancing and moreSIP and DNS - federation, failover, load balancing and more
SIP and DNS - federation, failover, load balancing and more
 
CCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsCCNA - Routing & Switching Commands
CCNA - Routing & Switching Commands
 
IMS + VoLTE Overview
IMS + VoLTE OverviewIMS + VoLTE Overview
IMS + VoLTE Overview
 
Kamailio - API Based SIP Routing
Kamailio - API Based SIP RoutingKamailio - API Based SIP Routing
Kamailio - API Based SIP Routing
 
Ne40 hardware-description
Ne40 hardware-descriptionNe40 hardware-description
Ne40 hardware-description
 
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
Routed IPsec on pfSense 2.4.4 - pfSense Hangout June 2018
 
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with ViptelaUnderstanding Cisco’s Next Generation SD-WAN Solution with Viptela
Understanding Cisco’s Next Generation SD-WAN Solution with Viptela
 
IMS Session Flow
IMS Session FlowIMS Session Flow
IMS Session Flow
 
IMS IP multimedia subsystem presentation
IMS IP multimedia subsystem presentationIMS IP multimedia subsystem presentation
IMS IP multimedia subsystem presentation
 
Scaling Asterisk with Kamailio
Scaling Asterisk with KamailioScaling Asterisk with Kamailio
Scaling Asterisk with Kamailio
 
Providing Local DNS with pfSense - pfSense Hangout August 2016
Providing Local DNS with pfSense - pfSense Hangout August 2016Providing Local DNS with pfSense - pfSense Hangout August 2016
Providing Local DNS with pfSense - pfSense Hangout August 2016
 
SIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer worldSIP & TLS - Security in a peer to peer world
SIP & TLS - Security in a peer to peer world
 
Nginx Essential
Nginx EssentialNginx Essential
Nginx Essential
 

Andere mochten auch

Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)habib_786
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP Fatih Ozavci
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
Voice over IP (VoIP)
Voice over IP (VoIP)Voice over IP (VoIP)
Voice over IP (VoIP)Peter R. Egli
 
VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenFatih Ozavci
 
What is VoIP and How it works?
What is VoIP and How it works?What is VoIP and How it works?
What is VoIP and How it works?broadconnect
 
Voip powerpoint
Voip powerpointVoip powerpoint
Voip powerpointGW1992
 
Security Challenges In VoIP
Security Challenges In VoIPSecurity Challenges In VoIP
Security Challenges In VoIPTomGilis
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)Fatih Ozavci
 
Introduction to SIP(Session Initiation Protocol)
Introduction to SIP(Session Initiation Protocol)Introduction to SIP(Session Initiation Protocol)
Introduction to SIP(Session Initiation Protocol)William Lee
 
Voice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using AsteriskVoice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using AsteriskSameer Verma
 
Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP) Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP) Namra Afzal
 
Voip introduction
Voip introductionVoip introduction
Voip introductiondaksh bhatt
 
VOIP Presentation
VOIP Presentation VOIP Presentation
VOIP Presentation tofael1
 

Andere mochten auch (19)

Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
Voice over IP (VoIP)
Voice over IP (VoIP)Voice over IP (VoIP)
Voice over IP (VoIP)
 
VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers Awaken
 
What is VoIP and How it works?
What is VoIP and How it works?What is VoIP and How it works?
What is VoIP and How it works?
 
Voip powerpoint
Voip powerpointVoip powerpoint
Voip powerpoint
 
Security Challenges In VoIP
Security Challenges In VoIPSecurity Challenges In VoIP
Security Challenges In VoIP
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
 
SIP Beyond VoIP
SIP Beyond VoIPSIP Beyond VoIP
SIP Beyond VoIP
 
Introduction to SIP(Session Initiation Protocol)
Introduction to SIP(Session Initiation Protocol)Introduction to SIP(Session Initiation Protocol)
Introduction to SIP(Session Initiation Protocol)
 
voip gateway
voip gateway voip gateway
voip gateway
 
Voice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using AsteriskVoice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using Asterisk
 
Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP) Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP)
 
Introduction to VoIP
Introduction to VoIPIntroduction to VoIP
Introduction to VoIP
 
VoIP Seminar
VoIP SeminarVoIP Seminar
VoIP Seminar
 
Voip
VoipVoip
Voip
 
Voip introduction
Voip introductionVoip introduction
Voip introduction
 
VOIP Presentation
VOIP Presentation VOIP Presentation
VOIP Presentation
 

Ähnlich wie VoIP – vulnerabilities and attacks

I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 
Understanding VoIP - 1
Understanding VoIP - 1Understanding VoIP - 1
Understanding VoIP - 1Adebayo Ojo
 
Fuzzing Janus @ IPTComm 2019
Fuzzing Janus @ IPTComm 2019Fuzzing Janus @ IPTComm 2019
Fuzzing Janus @ IPTComm 2019Lorenzo Miniero
 
voip elements by Karan singh cypher
voip elements by Karan singh cypher voip elements by Karan singh cypher
voip elements by Karan singh cypher Karan Maker
 
Fuzzing RTC @ Kamailio World 2019
Fuzzing RTC @ Kamailio World 2019Fuzzing RTC @ Kamailio World 2019
Fuzzing RTC @ Kamailio World 2019Lorenzo Miniero
 
Practical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Practical Fundamentals of Voice over IP (VoIP) for Engineers and TechniciansPractical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Practical Fundamentals of Voice over IP (VoIP) for Engineers and TechniciansLiving Online
 
Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP ThousandEyes
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.Sumutiu Marius
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017Juan De Bravo
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCHMoises Silva
 
VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)Abdullah Shah
 
Voip softswitch providers
Voip softswitch providersVoip softswitch providers
Voip softswitch providersVoIP Infotech
 

Ähnlich wie VoIP – vulnerabilities and attacks (20)

Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Security
 
VOIP services
VOIP servicesVOIP services
VOIP services
 
Understanding VoIP - 1
Understanding VoIP - 1Understanding VoIP - 1
Understanding VoIP - 1
 
Fuzzing Janus @ IPTComm 2019
Fuzzing Janus @ IPTComm 2019Fuzzing Janus @ IPTComm 2019
Fuzzing Janus @ IPTComm 2019
 
voip elements by Karan singh cypher
voip elements by Karan singh cypher voip elements by Karan singh cypher
voip elements by Karan singh cypher
 
Linux VOIP
Linux VOIP Linux VOIP
Linux VOIP
 
Fuzzing RTC @ Kamailio World 2019
Fuzzing RTC @ Kamailio World 2019Fuzzing RTC @ Kamailio World 2019
Fuzzing RTC @ Kamailio World 2019
 
Voip
VoipVoip
Voip
 
Practical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Practical Fundamentals of Voice over IP (VoIP) for Engineers and TechniciansPractical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Practical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
 
Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCH
 
Multipath TCP
Multipath TCPMultipath TCP
Multipath TCP
 
VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)
 
Voip softswitch providers
Voip softswitch providersVoip softswitch providers
Voip softswitch providers
 
Softswitch
SoftswitchSoftswitch
Softswitch
 
Softswitch
SoftswitchSoftswitch
Softswitch
 

Mehr von n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mehr von n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Kürzlich hochgeladen

Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 

Kürzlich hochgeladen (20)

TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 

VoIP – vulnerabilities and attacks

  • 1. VoIP – Vulnerabilities and Attacks Presented by - push
  • 2. Agenda • Introduction to VoIP – VoIP Architecture – VoIP Components – VoIP Protocols • A PenTester Perspective – Attack Vectors – Scanning – Attacks – Tools of Trade – Countermeasures and Security http://null.co.in/ http://nullcon.net/
  • 4. VoIP • IP Telephony • Voice over Internet Protocol • Subset of IP Telephony • Transmission of “Voice” over Packet-Switched Network. • Is it only Voice??? – Data, Audio, Video http://null.co.in/ http://nullcon.net/
  • 5. VoIP • Voice Analog Signals are converted to digital bits - “Sampled” and transmitted in packets Analog Voice Signals 101010101010 1101101101 Analog Voice 1010101010101101101 101010101010110110 Signals 101 1101 101010101010 1101101101 Internet 1010101010101101101 101010101010110110 101 1101 http://null.co.in/ http://nullcon.net/
  • 6. VoIP Architecture Ordinary Phone  ATA  Ethernet  Router  Internet http://null.co.in/ http://nullcon.net/
  • 7. VoIP Architecture IP Phone  Ethernet  IP-PBX  Router  Internet Internet IP Phone IP - PBX Modem / Router http://null.co.in/ http://nullcon.net/
  • 8. VoIP Architecture Softphone Phone  Ethernet  Router  Internet Internet http://null.co.in/ http://nullcon.net/
  • 10. VoIP Components • User Agents (devices) • Redirect Servers • Media gateways • Registrar Servers • Signaling gateways • Location Servers • Network management system • Gatekeepers • Billing systems • Proxy Servers GW  Gateway MG  Media Gateway GK  Gatekeeper MGC  Media Gateway Controller NMS  Network Management System IVR  Interactive Voice Response http://null.co.in/ http://nullcon.net/
  • 11. VoIP Protocols • Vendor Proprietary • Signaling Protocols • Media Protocols http://null.co.in/ http://nullcon.net/
  • 12. VoIP Protocols SIP Session Initiation Protocol SAP  Session Announcement Protocol SGCP  Simple Gateway Control Protocol MIME  Multipurpose Internet Mail IPDC  Internet Protocol device Control Extensions – Set of Standards RTP  Real Time Transmission Protocol IAX  Inter-Asterisk eXchange SRTP  Secure Real Time Transmission Protocol Megaco H.248  Gateway Control Protocol RTCP  RTP Control Protocol RVP over IP  Remote Voice Protocol over IP SRTCP  Secure RTP Control Protocol RTSP  Real Time Streaming Protocol MGCP  Media Gateway Control Protocol SCCP  Skinny Client Control Protocol (Cisco). SDP  Session Description Protocol UNISTIM  Unified Network Stimulus (Nortel). http://null.co.in/ http://nullcon.net/
  • 13. VoIP Protocols - SIP http://null.co.in/ http://nullcon.net/
  • 14. VoIP Protocols – H.323 http://null.co.in/ http://nullcon.net/
  • 16. VoIP – Attack Vectors • Vulnerabilities of Both Data and Telephone Network • CIA Triad http://null.co.in/ http://nullcon.net/
  • 17. VoIP - Scanning • Scanning a network for VoIP enabled systems / devices. • Tools for Scanning and Enumeration : – Nmap  port scanner – Smap  sip scanner. Finds SIP Enabled Servers – Svmap  sip scanner – Svwar  sip extension enumerator – Iwar VoIP Enabled modem Dialer – Metasploit Modules : • H.323 version scanner • SIP enumerator  SIP Username enumerator(UDP) • SIP enumerator_tcp  SIP Username Enumerator(TCP) • Options  SIP scanner(TCP) • Options_tcp  SIP scanner(UDP) http://null.co.in/ http://nullcon.net/
  • 18. VoIP – Scanning Demo • Nmap scan http://null.co.in/ http://nullcon.net/
  • 19. VoIP – Common Ports Protocol TCP Port UDP Port SIP 5060 5060 SIP-TLS 5061 5061 IAX2 - 4569 http – web based 80 / 8080 - management console tftp - 69 RTP - 5004 RTCP - 5005 IAX1 - 5036 SCCP 2000 SCCPS 2443 H.323 1720 http://null.co.in/ http://nullcon.net/
  • 20. VoIP – Scanning Demo • Smap • svmap http://null.co.in/ http://nullcon.net/
  • 21. VoIP – Scanning Demo • Metasploit Scanner http://null.co.in/ http://nullcon.net/
  • 22. VoIP - Attacks • Identity Spoofing • Conversation Eavesdropping / Sniffing • Password Cracking • Man-In-The-Middle • SIP-Bye DoS • SIP Bombing • RTP Insertion Attacks • Web Based Management Console Hacks • Fuzzing • Default Passwords http://null.co.in/ http://nullcon.net/
  • 23. VoIP – Attacks Demo • Identity – Caller ID Spoofing – Tools Used : • Metasploit- SIP_INVITE_Spoof • VoIP Fuzzer – Protos -Sip http://null.co.in/ http://nullcon.net/
  • 24. VoIP – Attacks Demo • Conversation Eavesdropping – Tools used : • Cain & Abel • Ettercap • Arpspoof • Wireshark http://null.co.in/ http://nullcon.net/
  • 25. VoIP – Attacks Demo • Man-In-The-Middle – Tools Used : • Wireshark • Arpspoof / ettercap • RTPInject • RTPmixsound http://null.co.in/ http://nullcon.net/
  • 26. VoIP – Attacks Demo • Password Cracking – Tools Used : • SIPDump • SIPCrack • svcrack http://null.co.in/ http://nullcon.net/
  • 27. VoIP - Attacks Some Default Passwords for VoIP Devices and Consoles: Device / Console Username Password Uniden UIP1868P VoIP - admin phone Web Interface Hitachi IP5000 VOIP WIFI - 0000 Phone 1.5.6 Vonage VoIP Telephone user user Adapter Grandstream Phones - Web Administrator /admin admin Adimistrator Interface user user •Asterisk Manager User Accounts are configured in /etc/asterisk/manager.conf http://null.co.in/ http://nullcon.net/
  • 28. VoIP – Audit & PenTest Tools • UCSniff • MetaSploit Modules : – Auxillary Modules • VoIPHopper • SIP enumerator  SIP Username enumerator • SIP enumerator_tcp  SIP USERNAME • Vomit Enumerator • VoIPong • Options  SIP scanner • Options_tcp  SIP scanner • IAX Flood • Asterisk_login  Asterisk Manager Login Utility – Exploits • InviteFlood • Aol_icq_downloadagent  AOL ICQ Arbitary File Downlowd • RTPFlood • Aim_triton_cseq AIM triton 1.0.4 CSeq Buffer Overflow • IAXFlood • Sipxezphone_cseq sipxezphone 0.35a Cseq Filed Overflow • BYE-TearDown • Sipxphone_cseq  sipxPhone 2.6.0.27 Cseq Buffer Overflow http://null.co.in/ http://nullcon.net/
  • 29. Countermeasures & Security • Separate Infrasrtucture • Do not integrate Data and VoIP Networks • VoIP-aware Firewalls, • Secure Protocols like SRTP, • Session Encryption using SIP/TLS, SCCP/TLS • Harden Network Security – IDS – IPS - NIPS http://null.co.in/ http://nullcon.net/
  • 30. Thank You See you all @ nullcon - Delhi http://null.co.in/ http://nullcon.net/

Hinweis der Redaktion

  1. IP Telephony - 1990
  2.  Run all VoIP traffic through a separate Internet connection, separating voice and data into their own network segments (VLAN). Set up separate servers dedicated just to VoIP traffic and firewall them apart from the rest of your network. VoIP connections between different buildings use a Virtual Private Network (VPN) to authenticate users to prevent spoofing. Avoid use of cheap VoIP systems. Encrypt any VoIP traffic to keep it confidential and prevent eavesdropping by network sniffers. Put VoIP servers in a secure physical location. Make sure all routers and servers hosting your VoIP system have been hardened and all unnecessary services turned off and ports closed. Restrict access to VoIP servers to only system administrators and log and monitor all access. Use intrusion detection systems to monitor malicious attempts to access your VoIP network. Employ a defense-in-depth of strategy with multiple layers of security, including dedicated VoIP-ready firewalls. Test all devices that send, receive or parse VoIP protocols, including handsets, softphones, SIP proxies, H.323 gateways, call managers and firewalls that VoIP messages pass through.