SlideShare a Scribd company logo

Seguridad VoIP: Protocolos, Ataques y Herramientas

F
fixxx3r

This document discusses VoIP security and contains the following: 1. It introduces VoIP components and protocols like SIP, H.323, and RTP. 2. It describes recent VoIP attacks like phone scams and using default credentials. 3. It outlines security tools and techniques for analyzing VoIP vulnerabilities and demonstrates attacks.

TechnologyBusiness
1 of 37
“Seguridad” VoIP Giovanni Cruz Forero @fixxx3r
ThinkEvil
Agenda Intro Protocolos Ataques Recientes Herramientas Demo # 1 Demo # 2 Demo # 3
Intro
VoIP
Componentes Endpoints (Softphones, Hardphones) IP PBX Base de Datos Servidores Web Sistemas Operativos H.323 Gatekeeper SBC PSTN B2BUA UAS UAC SIP Proxy SIP Registrar Softswitch Media Gateways Location Server Directorio
Protocolos
H.323
SCCP
XMPP / Jingle
IAX
SIP PETICIONES INVITE ACK BYE CANCEL REGISTER OPTIONS RESPUESTAS 1XX – Provisionales 2XX – Exitosa 3XX – Redirección 4XX – Error de cliente 5XX – Fallas del Servidor 6XX – Fallas Globales
Registro Bob SIP Server | | | REGISTER F1 | |------------------------------>| | 401 Unauthorized F2 | |<------------------------------| | REGISTER F3 | |------------------------------>| | 200 OK F4 | |<------------------------------|
F1 REGISTER Bob -> SIP Server REGISTER sips:ss2.biloxi.example.com SIP/2.0 Via: SIP/2.0/TLS client.biloxi.example.com:5061;branch=z9hG4bKnashds7 Max-Forwards: 70 From: Bob <sips:bob@biloxi.example.com>;tag=a73kszlfl To: Bob <sips:bob@biloxi.example.com> Call-ID: 1j9FpLxk3uxtm8tn@biloxi.example.com CSeq: 1 REGISTER Contact: <sips:bob@client.biloxi.example.com> Content-Length: 0
F2 401 Unauthorized SIP Server -> Bob SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS client.biloxi.example.com:5061;branch=z9hG4bKnashds7 ;received=192.0.2.201 From: Bob <sips:bob@biloxi.example.com>;tag=a73kszlfl To: Bob <sips:bob@biloxi.example.com>;tag=1410948204 Call-ID: 1j9FpLxk3uxtm8tn@biloxi.example.com CSeq: 1 REGISTER WWW-Authenticate: Digestrealm="atlanta.example.com", qop="auth", nonce="ea9c8e88df84f1cec4341ae6cbe5a359", opaque="", stale=FALSE, algorithm=MD5 Content-Length: 0
F3 REGISTER Bob -> SIP Server REGISTER sips:ss2.biloxi.example.com SIP/2.0 Via: SIP/2.0/TLS client.biloxi.example.com:5061;branch=z9hG4bKnashd92 Max-Forwards: 70 From: Bob <sips:bob@biloxi.example.com>;tag=ja743ks76zlflH To: Bob <sips:bob@biloxi.example.com> Call-ID: 1j9FpLxk3uxtm8tn@biloxi.example.com CSeq: 2 REGISTER Contact: <sips:bob@client.biloxi.example.com> Authorization: Digestusername="bob", realm="atlanta.example.com" nonce="ea9c8e88df84f1cec4341ae6cbe5a359", opaque="", uri="sips:ss2.biloxi.example.com", response="dfe56131d1958046689d83306477ecc" Content-Length: 0
F4 200 OK SIP Server -> Bob SIP/2.0 200 OK Via: SIP/2.0/TLS client.biloxi.example.com:5061;branch=z9hG4bKnashd92 ;received=192.0.2.201 From: Bob <sips:bob@biloxi.example.com>;tag=ja743ks76zlflH To: Bob <sips:bob@biloxi.example.com>;tag=37GkEhwl6 Call-ID: 1j9FpLxk3uxtm8tn@biloxi.example.com CSeq: 2 REGISTER Contact: <sips:bob@client.biloxi.example.com>;expires=3600 Content-Length: 0
SDP
RTP
Ataques
PhoneScam
Amazon EC2
Contraseñas por defecto….
Fácil…. Fuente: http://amitay.us/blog/files/most_common_iphone_passcodes.php
Fraude Teléfonico
+ Fraude
Herramientas
DEMO # 1
DEMO # 2
DEMO # 3

Recommended

Bonrix Bulk voice call - Voice SMS Marketing Web Based Panel
Bonrix Bulk voice call - Voice SMS Marketing Web Based PanelBonrix Bulk voice call - Voice SMS Marketing Web Based Panel
Bonrix Bulk voice call - Voice SMS Marketing Web Based PanelRenish Ladani
 
JR15Cloud
JR15CloudJR15Cloud
JR15Cloudantmanlinux
 
Matrix Telecom Solutions: SETU ATAs
Matrix Telecom Solutions: SETU ATAs Matrix Telecom Solutions: SETU ATAs
Matrix Telecom Solutions: SETU ATAs Matrix Comsec
 
Sip basic KT
Sip basic KTSip basic KT
Sip basic KTChandra Pr. Singh
 
Matrix Telecom Solutions: SETU VTEP - Fixed VoIP to T1/E1 PRI Gateway
Matrix Telecom Solutions: SETU VTEP - Fixed VoIP to T1/E1 PRI GatewayMatrix Telecom Solutions: SETU VTEP - Fixed VoIP to T1/E1 PRI Gateway
Matrix Telecom Solutions: SETU VTEP - Fixed VoIP to T1/E1 PRI GatewayMatrix Comsec
 
Matrix Telecom Solutions: SETU VFXTH - Fixed VoIP to FXO-FXS Gateways
Matrix Telecom Solutions: SETU VFXTH - Fixed VoIP to FXO-FXS GatewaysMatrix Telecom Solutions: SETU VFXTH - Fixed VoIP to FXO-FXS Gateways
Matrix Telecom Solutions: SETU VFXTH - Fixed VoIP to FXO-FXS GatewaysMatrix Comsec
 
Matrix Telecom Solutions: SIMADO GFX11 - FCT
Matrix Telecom Solutions: SIMADO GFX11 - FCTMatrix Telecom Solutions: SIMADO GFX11 - FCT
Matrix Telecom Solutions: SIMADO GFX11 - FCTMatrix Comsec
 
Matrix Telecom Solutions: SETU VGFX - Fixed VoIP to GSM/3G-FXO-FXS Voice Gat...
Matrix Telecom Solutions: SETU VGFX - Fixed VoIP to GSM/3G-FXO-FXS Voice Gat...Matrix Telecom Solutions: SETU VGFX - Fixed VoIP to GSM/3G-FXO-FXS Voice Gat...
Matrix Telecom Solutions: SETU VGFX - Fixed VoIP to GSM/3G-FXO-FXS Voice Gat...Matrix Comsec
 

Recommended

Bonrix Bulk voice call - Voice SMS Marketing Web Based Panel
Bonrix Bulk voice call - Voice SMS Marketing Web Based PanelBonrix Bulk voice call - Voice SMS Marketing Web Based Panel
Bonrix Bulk voice call - Voice SMS Marketing Web Based PanelRenish Ladani
 
JR15Cloud
JR15CloudJR15Cloud
JR15Cloudantmanlinux
 
Matrix Telecom Solutions: SETU ATAs
Matrix Telecom Solutions: SETU ATAs Matrix Telecom Solutions: SETU ATAs
Matrix Telecom Solutions: SETU ATAs Matrix Comsec
 
Sip basic KT
Sip basic KTSip basic KT
Sip basic KTChandra Pr. Singh
 
Matrix Telecom Solutions: SETU VTEP - Fixed VoIP to T1/E1 PRI Gateway
Matrix Telecom Solutions: SETU VTEP - Fixed VoIP to T1/E1 PRI GatewayMatrix Telecom Solutions: SETU VTEP - Fixed VoIP to T1/E1 PRI Gateway
Matrix Telecom Solutions: SETU VTEP - Fixed VoIP to T1/E1 PRI GatewayMatrix Comsec
 
Matrix Telecom Solutions: SETU VFXTH - Fixed VoIP to FXO-FXS Gateways
Matrix Telecom Solutions: SETU VFXTH - Fixed VoIP to FXO-FXS GatewaysMatrix Telecom Solutions: SETU VFXTH - Fixed VoIP to FXO-FXS Gateways
Matrix Telecom Solutions: SETU VFXTH - Fixed VoIP to FXO-FXS GatewaysMatrix Comsec
 
Matrix Telecom Solutions: SIMADO GFX11 - FCT
Matrix Telecom Solutions: SIMADO GFX11 - FCTMatrix Telecom Solutions: SIMADO GFX11 - FCT
Matrix Telecom Solutions: SIMADO GFX11 - FCTMatrix Comsec
 
Matrix Telecom Solutions: SETU VGFX - Fixed VoIP to GSM/3G-FXO-FXS Voice Gat...
Matrix Telecom Solutions: SETU VGFX - Fixed VoIP to GSM/3G-FXO-FXS Voice Gat...Matrix Telecom Solutions: SETU VGFX - Fixed VoIP to GSM/3G-FXO-FXS Voice Gat...
Matrix Telecom Solutions: SETU VGFX - Fixed VoIP to GSM/3G-FXO-FXS Voice Gat...Matrix Comsec
 
Matrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS Gateways
Matrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS GatewaysMatrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS Gateways
Matrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS GatewaysMatrix Comsec
 
Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...
Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...
Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...Neocenter SA de CV
 
Stu t17 a
Stu t17 aStu t17 a
Stu t17 aSelectedPresentations
 
Configurar grandstream bt 200
Configurar grandstream bt 200Configurar grandstream bt 200
Configurar grandstream bt 200che190382
 
VoIP Recording
VoIP RecordingVoIP Recording
VoIP RecordingMundo Contact
 
Matrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice Gateway
Matrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice GatewayMatrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice Gateway
Matrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice GatewayMatrix Comsec
 
Basic Computer Networking Tutorial
Basic Computer Networking TutorialBasic Computer Networking Tutorial
Basic Computer Networking TutorialService Solutions Pvt. Ltd. (SSL)
 
Matrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP Phones
Matrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP PhonesMatrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP Phones
Matrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP PhonesMatrix Comsec
 
POSITECH 16 Line Telephone Call Recording Device
POSITECH 16 Line Telephone Call Recording DevicePOSITECH 16 Line Telephone Call Recording Device
POSITECH 16 Line Telephone Call Recording DevicePositech Solutions Private Limited
 
Benefits of Hosted VoIP PBX Services by VitelGlobal
Benefits of Hosted VoIP PBX Services by VitelGlobalBenefits of Hosted VoIP PBX Services by VitelGlobal
Benefits of Hosted VoIP PBX Services by VitelGlobalAzharuddin Muhammad
 
FreePBX Application Introduce
FreePBX Application IntroduceFreePBX Application Introduce
FreePBX Application IntroduceZack Chou
 
POSITECH 4 Line Telephone Call Recording Device
POSITECH 4 Line Telephone Call Recording DevicePOSITECH 4 Line Telephone Call Recording Device
POSITECH 4 Line Telephone Call Recording DevicePositech Solutions Private Limited
 
POSITECH 16 Line Telephone Call Recording Device
POSITECH 16 Line Telephone Call Recording DevicePOSITECH 16 Line Telephone Call Recording Device
POSITECH 16 Line Telephone Call Recording DevicePositech Solutions Private Limited
 
Setup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkSetup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkNazmul Hossain Rakib
 
Setup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkSetup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkNazmul Hossain Rakib
 
Hybrid IP PBX February 2014
Hybrid IP PBX February 2014Hybrid IP PBX February 2014
Hybrid IP PBX February 2014Matrixcomsec Ttg
 
Princess with large feet
Princess with large feetPrincess with large feet
Princess with large feetmeganlou32
 
Ergo office seating 11 2010 price list
Ergo office seating 11 2010 price listErgo office seating 11 2010 price list
Ergo office seating 11 2010 price listergoofficeseating
 
About LinkedIn for Versatile PhD
About LinkedIn for Versatile PhDAbout LinkedIn for Versatile PhD
About LinkedIn for Versatile PhDAnna Trester
 
About LinkedIn for Versatile PhD
About LinkedIn for Versatile PhDAbout LinkedIn for Versatile PhD
About LinkedIn for Versatile PhDAnna Trester
 
Professional applications-of-linguistics-1
Professional applications-of-linguistics-1Professional applications-of-linguistics-1
Professional applications-of-linguistics-1Anna Trester
 
Langauge of linkedIn
Langauge of linkedInLangauge of linkedIn
Langauge of linkedInAnna Trester
 

More Related Content

What's hot

Matrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS Gateways
Matrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS GatewaysMatrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS Gateways
Matrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS GatewaysMatrix Comsec
 
Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...
Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...
Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...Neocenter SA de CV
 
Configurar grandstream bt 200
Configurar grandstream bt 200Configurar grandstream bt 200
Configurar grandstream bt 200che190382
 
Matrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice Gateway
Matrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice GatewayMatrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice Gateway
Matrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice GatewayMatrix Comsec
 
Matrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP Phones
Matrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP PhonesMatrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP Phones
Matrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP PhonesMatrix Comsec
 
Benefits of Hosted VoIP PBX Services by VitelGlobal
Benefits of Hosted VoIP PBX Services by VitelGlobalBenefits of Hosted VoIP PBX Services by VitelGlobal
Benefits of Hosted VoIP PBX Services by VitelGlobalAzharuddin Muhammad
 
FreePBX Application Introduce
FreePBX Application IntroduceFreePBX Application Introduce
FreePBX Application IntroduceZack Chou
 
Setup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkSetup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkNazmul Hossain Rakib
 
Setup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkSetup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkNazmul Hossain Rakib
 
Hybrid IP PBX February 2014
Hybrid IP PBX February 2014Hybrid IP PBX February 2014
Hybrid IP PBX February 2014Matrixcomsec Ttg
 

What's hot (16)

Matrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS Gateways
Matrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS GatewaysMatrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS Gateways
Matrix Telecom Solutions: SETU VFX - Fixed VoIP to FXO-FXS Gateways
 
Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...
Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...
Día Neocenter | FreePBX The best & most complete open source & Commercial PBX...
 
Stu t17 a
Stu t17 aStu t17 a
Stu t17 a
 
Configurar grandstream bt 200
Configurar grandstream bt 200Configurar grandstream bt 200
Configurar grandstream bt 200
 
VoIP Recording
VoIP RecordingVoIP Recording
VoIP Recording
 
Matrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice Gateway
Matrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice GatewayMatrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice Gateway
Matrix Telecom Solutions: SIMADO GFX44 - Fixed GSM/3G to Analog Voice Gateway
 
Basic Computer Networking Tutorial
Basic Computer Networking TutorialBasic Computer Networking Tutorial
Basic Computer Networking Tutorial
 
Matrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP Phones
Matrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP PhonesMatrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP Phones
Matrix Telecom Solutions: SPARSH VP248 - Feature-rich SIP Phones
 
POSITECH 16 Line Telephone Call Recording Device
POSITECH 16 Line Telephone Call Recording DevicePOSITECH 16 Line Telephone Call Recording Device
POSITECH 16 Line Telephone Call Recording Device
 
Benefits of Hosted VoIP PBX Services by VitelGlobal
Benefits of Hosted VoIP PBX Services by VitelGlobalBenefits of Hosted VoIP PBX Services by VitelGlobal
Benefits of Hosted VoIP PBX Services by VitelGlobal
 
FreePBX Application Introduce
FreePBX Application IntroduceFreePBX Application Introduce
FreePBX Application Introduce
 
POSITECH 4 Line Telephone Call Recording Device
POSITECH 4 Line Telephone Call Recording DevicePOSITECH 4 Line Telephone Call Recording Device
POSITECH 4 Line Telephone Call Recording Device
 
POSITECH 16 Line Telephone Call Recording Device
POSITECH 16 Line Telephone Call Recording DevicePOSITECH 16 Line Telephone Call Recording Device
POSITECH 16 Line Telephone Call Recording Device
 
Setup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkSetup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE network
 
Setup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkSetup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE network
 
Hybrid IP PBX February 2014
Hybrid IP PBX February 2014Hybrid IP PBX February 2014
Hybrid IP PBX February 2014
 

Viewers also liked

Princess with large feet
Princess with large feetPrincess with large feet
Princess with large feetmeganlou32
 
Ergo office seating 11 2010 price list
Ergo office seating 11 2010 price listErgo office seating 11 2010 price list
Ergo office seating 11 2010 price listergoofficeseating
 
About LinkedIn for Versatile PhD
About LinkedIn for Versatile PhDAbout LinkedIn for Versatile PhD
About LinkedIn for Versatile PhDAnna Trester
 
About LinkedIn for Versatile PhD
About LinkedIn for Versatile PhDAbout LinkedIn for Versatile PhD
About LinkedIn for Versatile PhDAnna Trester
 
Professional applications-of-linguistics-1
Professional applications-of-linguistics-1Professional applications-of-linguistics-1
Professional applications-of-linguistics-1Anna Trester
 
Langauge of linkedIn
Langauge of linkedInLangauge of linkedIn
Langauge of linkedInAnna Trester
 
What can you do with a degree in linguistics?
What can you do with a degree in linguistics?What can you do with a degree in linguistics?
What can you do with a degree in linguistics?Anna Trester
 
Product mgmt 101 for bioentrepreneurs
Product mgmt 101 for bioentrepreneursProduct mgmt 101 for bioentrepreneurs
Product mgmt 101 for bioentrepreneursLynne VanArsdale
 
Certificado Word
Certificado WordCertificado Word
Certificado Wordchangonorte
 
Certificado Sist Carburacion
Certificado Sist CarburacionCertificado Sist Carburacion
Certificado Sist Carburacionchangonorte
 
Certificado Valvulas
Certificado ValvulasCertificado Valvulas
Certificado Valvulaschangonorte
 
Ensayo final (4)
Ensayo final (4)Ensayo final (4)
Ensayo final (4)Anthar Jain
 
Certificado Control Detonacion
Certificado Control DetonacionCertificado Control Detonacion
Certificado Control Detonacionchangonorte
 
Certificado Equipo
Certificado EquipoCertificado Equipo
Certificado Equipochangonorte
 
Een socialer T-Mobile - Ruud Huigsloot - Kennissessie Customer Experience
Een socialer T-Mobile - Ruud Huigsloot - Kennissessie Customer ExperienceEen socialer T-Mobile - Ruud Huigsloot - Kennissessie Customer Experience
Een socialer T-Mobile - Ruud Huigsloot - Kennissessie Customer ExperiencePlatform Innovatieve Marketing
 

Viewers also liked (20)

Princess with large feet
Princess with large feetPrincess with large feet
Princess with large feet
 
Ergo office seating 11 2010 price list
Ergo office seating 11 2010 price listErgo office seating 11 2010 price list
Ergo office seating 11 2010 price list
 
About LinkedIn for Versatile PhD
About LinkedIn for Versatile PhDAbout LinkedIn for Versatile PhD
About LinkedIn for Versatile PhD
 
About LinkedIn for Versatile PhD
About LinkedIn for Versatile PhDAbout LinkedIn for Versatile PhD
About LinkedIn for Versatile PhD
 
Professional applications-of-linguistics-1
Professional applications-of-linguistics-1Professional applications-of-linguistics-1
Professional applications-of-linguistics-1
 
Langauge of linkedIn
Langauge of linkedInLangauge of linkedIn
Langauge of linkedIn
 
What can you do with a degree in linguistics?
What can you do with a degree in linguistics?What can you do with a degree in linguistics?
What can you do with a degree in linguistics?
 
SCRAPBOOK
SCRAPBOOKSCRAPBOOK
SCRAPBOOK
 
Product mgmt 101 for bioentrepreneurs
Product mgmt 101 for bioentrepreneursProduct mgmt 101 for bioentrepreneurs
Product mgmt 101 for bioentrepreneurs
 
Certificado Word
Certificado WordCertificado Word
Certificado Word
 
Certificado Sist Carburacion
Certificado Sist CarburacionCertificado Sist Carburacion
Certificado Sist Carburacion
 
Presentation26
Presentation26Presentation26
Presentation26
 
Certificado Valvulas
Certificado ValvulasCertificado Valvulas
Certificado Valvulas
 
Ensayo final (4)
Ensayo final (4)Ensayo final (4)
Ensayo final (4)
 
Certificado Control Detonacion
Certificado Control DetonacionCertificado Control Detonacion
Certificado Control Detonacion
 
Certificado Equipo
Certificado EquipoCertificado Equipo
Certificado Equipo
 
Een socialer T-Mobile - Ruud Huigsloot - Kennissessie Customer Experience
Een socialer T-Mobile - Ruud Huigsloot - Kennissessie Customer ExperienceEen socialer T-Mobile - Ruud Huigsloot - Kennissessie Customer Experience
Een socialer T-Mobile - Ruud Huigsloot - Kennissessie Customer Experience
 
Presentation24
Presentation24Presentation24
Presentation24
 
Página de prueba
Página de pruebaPágina de prueba
Página de prueba
 
Res.vila da praia
Res.vila da praiaRes.vila da praia
Res.vila da praia
 

Similar to Seguridad VoIP: Protocolos, Ataques y Herramientas

Scanning The Intertubes For Voip
Scanning The Intertubes For VoipScanning The Intertubes For Voip
Scanning The Intertubes For VoipSandro Gauci
 
Gpon omci v2__voice_configuration_introduction_omciv2_v2_pt_telkom
Gpon omci v2__voice_configuration_introduction_omciv2_v2_pt_telkomGpon omci v2__voice_configuration_introduction_omciv2_v2_pt_telkom
Gpon omci v2__voice_configuration_introduction_omciv2_v2_pt_telkomWahyu Nasution
 
PLNOG 4: Marcin Kuczera - Jak wyrzuciliśmy wszystkie Linuxy, czyli centralny ...
PLNOG 4: Marcin Kuczera - Jak wyrzuciliśmy wszystkie Linuxy, czyli centralny ...PLNOG 4: Marcin Kuczera - Jak wyrzuciliśmy wszystkie Linuxy, czyli centralny ...
PLNOG 4: Marcin Kuczera - Jak wyrzuciliśmy wszystkie Linuxy, czyli centralny ...PROIDEA
 
VoIP on LTE -packet Filter
VoIP on LTE -packet FilterVoIP on LTE -packet Filter
VoIP on LTE -packet Filterraj_naveen
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysFatih Ozavci
 
Session Initiation Protocol - In depth analysis
Session Initiation Protocol - In depth analysisSession Initiation Protocol - In depth analysis
Session Initiation Protocol - In depth analysischinmaypadhye1985
 
Authenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlAuthenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlWarren Bent
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Warren Bent
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfBT Digital
 
3CX Basic Notes
3CX Basic Notes3CX Basic Notes
3CX Basic Noteskriz5
 
Fttx configuration-577 k-_ver_31072011
Fttx configuration-577 k-_ver_31072011Fttx configuration-577 k-_ver_31072011
Fttx configuration-577 k-_ver_31072011Igors Cardoso
 

Similar to Seguridad VoIP: Protocolos, Ataques y Herramientas (20)

Sip crash course
Sip crash courseSip crash course
Sip crash course
 
Scanning The Intertubes For Voip
Scanning The Intertubes For VoipScanning The Intertubes For Voip
Scanning The Intertubes For Voip
 
Gpon omci v2__voice_configuration_introduction_omciv2_v2_pt_telkom
Gpon omci v2__voice_configuration_introduction_omciv2_v2_pt_telkomGpon omci v2__voice_configuration_introduction_omciv2_v2_pt_telkom
Gpon omci v2__voice_configuration_introduction_omciv2_v2_pt_telkom
 
PLNOG 4: Marcin Kuczera - Jak wyrzuciliśmy wszystkie Linuxy, czyli centralny ...
PLNOG 4: Marcin Kuczera - Jak wyrzuciliśmy wszystkie Linuxy, czyli centralny ...PLNOG 4: Marcin Kuczera - Jak wyrzuciliśmy wszystkie Linuxy, czyli centralny ...
PLNOG 4: Marcin Kuczera - Jak wyrzuciliśmy wszystkie Linuxy, czyli centralny ...
 
VoIP on LTE -packet Filter
VoIP on LTE -packet FilterVoIP on LTE -packet Filter
VoIP on LTE -packet Filter
 
Introduction To SIP
Introduction To SIPIntroduction To SIP
Introduction To SIP
 
Configuracion EIGRP
Configuracion EIGRPConfiguracion EIGRP
Configuracion EIGRP
 
Hacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP GatewaysHacking Trust Relationships Between SIP Gateways
Hacking Trust Relationships Between SIP Gateways
 
Session Initiation Protocol - In depth analysis
Session Initiation Protocol - In depth analysisSession Initiation Protocol - In depth analysis
Session Initiation Protocol - In depth analysis
 
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 
Kb015
Kb015Kb015
Kb015
 
Authenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call ControlAuthenticated Identites in VoIP Call Control
Authenticated Identites in VoIP Call Control
 
Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2Presentation To Vo Ip Round Table V2
Presentation To Vo Ip Round Table V2
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdf
 
Securing Asterisk: A practical approach
Securing Asterisk: A practical approachSecuring Asterisk: A practical approach
Securing Asterisk: A practical approach
 
PROYECTO VLANS
PROYECTO VLANSPROYECTO VLANS
PROYECTO VLANS
 
3CX Basic Notes
3CX Basic Notes3CX Basic Notes
3CX Basic Notes
 
Fttx configuration-577 k-_ver_31072011
Fttx configuration-577 k-_ver_31072011Fttx configuration-577 k-_ver_31072011
Fttx configuration-577 k-_ver_31072011
 
Easyroute how to_sip_calls_en
Easyroute how to_sip_calls_enEasyroute how to_sip_calls_en
Easyroute how to_sip_calls_en
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh RPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 

Recently uploaded

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Recently uploaded (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Seguridad VoIP: Protocolos, Ataques y Herramientas

  • 1. “Seguridad” VoIP Giovanni Cruz Forero @fixxx3r
  • 3. Agenda Intro Protocolos Ataques Recientes Herramientas Demo # 1 Demo # 2 Demo # 3
  • 6. Componentes Endpoints (Softphones, Hardphones) IP PBX Base de Datos Servidores Web Sistemas Operativos H.323 Gatekeeper SBC PSTN B2BUA UAS UAC SIP Proxy SIP Registrar Softswitch Media Gateways Location Server Directorio
  • 11. IAX
  • 12. SIP PETICIONES INVITE ACK BYE CANCEL REGISTER OPTIONS RESPUESTAS 1XX – Provisionales 2XX – Exitosa 3XX – Redirección 4XX – Error de cliente 5XX – Fallas del Servidor 6XX – Fallas Globales
  • 13. Registro Bob SIP Server | | | REGISTER F1 | |------------------------------>| | 401 Unauthorized F2 | |<------------------------------| | REGISTER F3 | |------------------------------>| | 200 OK F4 | |<------------------------------|
  • 14. F1 REGISTER Bob -> SIP Server REGISTER sips:ss2.biloxi.example.com SIP/2.0 Via: SIP/2.0/TLS client.biloxi.example.com:5061;branch=z9hG4bKnashds7 Max-Forwards: 70 From: Bob <sips:bob@biloxi.example.com>;tag=a73kszlfl To: Bob <sips:bob@biloxi.example.com> Call-ID: 1j9FpLxk3uxtm8tn@biloxi.example.com CSeq: 1 REGISTER Contact: <sips:bob@client.biloxi.example.com> Content-Length: 0
  • 15. F2 401 Unauthorized SIP Server -> Bob SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS client.biloxi.example.com:5061;branch=z9hG4bKnashds7 ;received=192.0.2.201 From: Bob <sips:bob@biloxi.example.com>;tag=a73kszlfl To: Bob <sips:bob@biloxi.example.com>;tag=1410948204 Call-ID: 1j9FpLxk3uxtm8tn@biloxi.example.com CSeq: 1 REGISTER WWW-Authenticate: Digestrealm="atlanta.example.com", qop="auth", nonce="ea9c8e88df84f1cec4341ae6cbe5a359", opaque="", stale=FALSE, algorithm=MD5 Content-Length: 0
  • 16. F3 REGISTER Bob -> SIP Server REGISTER sips:ss2.biloxi.example.com SIP/2.0 Via: SIP/2.0/TLS client.biloxi.example.com:5061;branch=z9hG4bKnashd92 Max-Forwards: 70 From: Bob <sips:bob@biloxi.example.com>;tag=ja743ks76zlflH To: Bob <sips:bob@biloxi.example.com> Call-ID: 1j9FpLxk3uxtm8tn@biloxi.example.com CSeq: 2 REGISTER Contact: <sips:bob@client.biloxi.example.com> Authorization: Digestusername="bob", realm="atlanta.example.com" nonce="ea9c8e88df84f1cec4341ae6cbe5a359", opaque="", uri="sips:ss2.biloxi.example.com", response="dfe56131d1958046689d83306477ecc" Content-Length: 0
  • 17. F4 200 OK SIP Server -> Bob SIP/2.0 200 OK Via: SIP/2.0/TLS client.biloxi.example.com:5061;branch=z9hG4bKnashd92 ;received=192.0.2.201 From: Bob <sips:bob@biloxi.example.com>;tag=ja743ks76zlflH To: Bob <sips:bob@biloxi.example.com>;tag=37GkEhwl6 Call-ID: 1j9FpLxk3uxtm8tn@biloxi.example.com CSeq: 2 REGISTER Contact: <sips:bob@client.biloxi.example.com>;expires=3600 Content-Length: 0
  • 18. SDP
  • 19. RTP
  • 20.
  • 22.
  • 23.
  • 25.
  • 28.
  • 33.
  • 34.