Gaurav - VoIP - ClubHack2007

879 views
821 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
879
On SlideShare
0
From Embeds
0
Number of Embeds
22
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Gaurav - VoIP - ClubHack2007

  1. 1. Gaurav Saha November 23, 2007 Sipera Proprietary & Confidential 1
  2. 2. The Sipera Approach • Learn Sipera VIPER™ lab concentrates all its efforts on Vulnerability Research to learn about different kinds of unique threats in SIP/IMS/UMA networks and UA • Verify Sipera LAVA™ tool emulate thousands of attacks to verify above threats. • Protect Sipera IPCS™ products combines VPN, Firewall, IPS etc functionality for VoIP systems in a single device to protect and enable unified communications. November 23, 2007 Sipera Proprietary & Confidential 2
  3. 3. Talk Outline 1. VoIP Overview 2. VoIP protocols 3. SIP Protocol Analysis 4. Weaknesses in VoIP Protocols 5. Attack Vectors 6. Conclusion 7. Demo November 23, 2007 Sipera Proprietary & Confidential 3
  4. 4. VoIP Overview • What is VoIP? VoIP is an IP telephony service which converts analog data signals into digital signals and carries it over internet. • Why VoIP? Cost Effective Flexible and Easy implementation Advance Services November 23, 2007 Sipera Proprietary & Confidential 4
  5. 5. VoIP Protocols • H.323 • Session Initiation Protocol ( SIP ) • Skinny Client Control Protocol ( SCCP ) • Media Gateway Control Protocol ( MGCP ) November 23, 2007 Sipera Proprietary & Confidential 5
  6. 6. SIP Protocol Overview • SIP stands for Session Initiation Protocol SIP is signaling protocol Plain-Text like HTTP Supports encryption like HTTPS Supports TLS Supports encryption of VoIP Media Data • SIP Components User Agent Client ( UAC ) User Agent Server ( UAS ) November 23, 2007 Sipera Proprietary & Confidential 6
  7. 7. SIP Architecture Server: abc.com Server: xyz.com joe@abc.com john@abc.com alice@xyz.com veronica@xyz.com How call are made between to VoIP Phones November 23, 2007 Sipera Proprietary & Confidential 7
  8. 8. SIP Call Flow Call Flow: How the whole session looks like. November 23, 2007 Sipera Proprietary & Confidential 8
  9. 9. Weaknesses and Vulnerabilities in SIP • UAS/UAC identity disclosure • Username/Password cracking • Eavesdropping • Data Mangling • SIP call Setup, Routing and Termination November 23, 2007 Sipera Proprietary & Confidential 9
  10. 10. Attack Vectors • UAS/UAC identity disclosure Similar to Banner Grabbing. Users Enumeration • Username/Password cracking Call/Toll Fraud Spamming November 23, 2007 Sipera Proprietary & Confidential 10
  11. 11. Attack Vectors • Eavesdropping Spying Mass Password Discovery • Data Mangling Phishing Spam Over Internet Telephony QoS Degradation November 23, 2007 Sipera Proprietary & Confidential 11
  12. 12. Attack Vectors • SIP call Setup, Routing and Termination Fake REGISTER and INVITE Active Eavesdropping Fake REGISTER, BYE and CANCEL • Denial of Service Attack ( DoS ) Flooding ( INVITE, REGISTER, SUBSCRIBE, BYE … et al ) Stealth DoS Call Jamming Distributed DoS ( DDoS ) November 23, 2007 Sipera Proprietary & Confidential 12
  13. 13. DEMONSTRATION Witness your desk phone getting 0w||3d !! Thank You ☺ November 23, 2007 Sipera Proprietary & Confidential 13

×