SlideShare a Scribd company logo

VoIP – vulnerabilities and attacks

Download as PPTX, PDF
n|u - The Open Security Community
n|u - The Open Security Community

The document discusses vulnerabilities and attacks against Voice over IP (VoIP) systems. It begins with an introduction to VoIP architecture, components, and protocols. It then covers vulnerabilities and common attack vectors against VoIP, such as identity spoofing, eavesdropping, password cracking, and denial of service attacks. The document demonstrates some example attacks and outlines tools that can be used for scanning, attacking, and testing the security of VoIP systems. It concludes with recommendations for countermeasures like firewalls, encryption, and network hardening to better secure VoIP infrastructures.

1 of 30
VoIP – Vulnerabilities and Attacks Presented by - push
Agenda • Introduction to VoIP – VoIP Architecture – VoIP Components – VoIP Protocols • A PenTester Perspective – Attack Vectors – Scanning – Attacks – Tools of Trade – Countermeasures and Security http://null.co.in/ http://nullcon.net/
Remember Something? http://null.co.in/ http://nullcon.net/
VoIP • IP Telephony • Voice over Internet Protocol • Subset of IP Telephony • Transmission of “Voice” over Packet-Switched Network. • Is it only Voice??? – Data, Audio, Video http://null.co.in/ http://nullcon.net/
VoIP • Voice Analog Signals are converted to digital bits - “Sampled” and transmitted in packets Analog Voice Signals 101010101010 1101101101 Analog Voice 1010101010101101101 101010101010110110 Signals 101 1101 101010101010 1101101101 Internet 1010101010101101101 101010101010110110 101 1101 http://null.co.in/ http://nullcon.net/
VoIP Architecture Ordinary Phone  ATA  Ethernet  Router  Internet http://null.co.in/ http://nullcon.net/
VoIP Architecture IP Phone  Ethernet  IP-PBX  Router  Internet Internet IP Phone IP - PBX Modem / Router http://null.co.in/ http://nullcon.net/
VoIP Architecture Softphone Phone  Ethernet  Router  Internet Internet http://null.co.in/ http://nullcon.net/
VoIP Architecture http://null.co.in/ http://nullcon.net/
VoIP Components • User Agents (devices) • Redirect Servers • Media gateways • Registrar Servers • Signaling gateways • Location Servers • Network management system • Gatekeepers • Billing systems • Proxy Servers GW  Gateway MG  Media Gateway GK  Gatekeeper MGC  Media Gateway Controller NMS  Network Management System IVR  Interactive Voice Response http://null.co.in/ http://nullcon.net/
VoIP Protocols • Vendor Proprietary • Signaling Protocols • Media Protocols http://null.co.in/ http://nullcon.net/
VoIP Protocols SIP Session Initiation Protocol SAP  Session Announcement Protocol SGCP  Simple Gateway Control Protocol MIME  Multipurpose Internet Mail IPDC  Internet Protocol device Control Extensions – Set of Standards RTP  Real Time Transmission Protocol IAX  Inter-Asterisk eXchange SRTP  Secure Real Time Transmission Protocol Megaco H.248  Gateway Control Protocol RTCP  RTP Control Protocol RVP over IP  Remote Voice Protocol over IP SRTCP  Secure RTP Control Protocol RTSP  Real Time Streaming Protocol MGCP  Media Gateway Control Protocol SCCP  Skinny Client Control Protocol (Cisco). SDP  Session Description Protocol UNISTIM  Unified Network Stimulus (Nortel). http://null.co.in/ http://nullcon.net/
VoIP Protocols - SIP http://null.co.in/ http://nullcon.net/
VoIP Protocols – H.323 http://null.co.in/ http://nullcon.net/
A PenTester Perspective http://null.co.in/ http://nullcon.net/
VoIP – Attack Vectors • Vulnerabilities of Both Data and Telephone Network • CIA Triad http://null.co.in/ http://nullcon.net/
VoIP - Scanning • Scanning a network for VoIP enabled systems / devices. • Tools for Scanning and Enumeration : – Nmap  port scanner – Smap  sip scanner. Finds SIP Enabled Servers – Svmap  sip scanner – Svwar  sip extension enumerator – Iwar VoIP Enabled modem Dialer – Metasploit Modules : • H.323 version scanner • SIP enumerator  SIP Username enumerator(UDP) • SIP enumerator_tcp  SIP Username Enumerator(TCP) • Options  SIP scanner(TCP) • Options_tcp  SIP scanner(UDP) http://null.co.in/ http://nullcon.net/
VoIP – Scanning Demo • Nmap scan http://null.co.in/ http://nullcon.net/
VoIP – Common Ports Protocol TCP Port UDP Port SIP 5060 5060 SIP-TLS 5061 5061 IAX2 - 4569 http – web based 80 / 8080 - management console tftp - 69 RTP - 5004 RTCP - 5005 IAX1 - 5036 SCCP 2000 SCCPS 2443 H.323 1720 http://null.co.in/ http://nullcon.net/
VoIP – Scanning Demo • Smap • svmap http://null.co.in/ http://nullcon.net/
VoIP – Scanning Demo • Metasploit Scanner http://null.co.in/ http://nullcon.net/
VoIP - Attacks • Identity Spoofing • Conversation Eavesdropping / Sniffing • Password Cracking • Man-In-The-Middle • SIP-Bye DoS • SIP Bombing • RTP Insertion Attacks • Web Based Management Console Hacks • Fuzzing • Default Passwords http://null.co.in/ http://nullcon.net/
VoIP – Attacks Demo • Identity – Caller ID Spoofing – Tools Used : • Metasploit- SIP_INVITE_Spoof • VoIP Fuzzer – Protos -Sip http://null.co.in/ http://nullcon.net/
VoIP – Attacks Demo • Conversation Eavesdropping – Tools used : • Cain & Abel • Ettercap • Arpspoof • Wireshark http://null.co.in/ http://nullcon.net/
VoIP – Attacks Demo • Man-In-The-Middle – Tools Used : • Wireshark • Arpspoof / ettercap • RTPInject • RTPmixsound http://null.co.in/ http://nullcon.net/
VoIP – Attacks Demo • Password Cracking – Tools Used : • SIPDump • SIPCrack • svcrack http://null.co.in/ http://nullcon.net/
VoIP - Attacks Some Default Passwords for VoIP Devices and Consoles: Device / Console Username Password Uniden UIP1868P VoIP - admin phone Web Interface Hitachi IP5000 VOIP WIFI - 0000 Phone 1.5.6 Vonage VoIP Telephone user user Adapter Grandstream Phones - Web Administrator /admin admin Adimistrator Interface user user •Asterisk Manager User Accounts are configured in /etc/asterisk/manager.conf http://null.co.in/ http://nullcon.net/
VoIP – Audit & PenTest Tools • UCSniff • MetaSploit Modules : – Auxillary Modules • VoIPHopper • SIP enumerator  SIP Username enumerator • SIP enumerator_tcp  SIP USERNAME • Vomit Enumerator • VoIPong • Options  SIP scanner • Options_tcp  SIP scanner • IAX Flood • Asterisk_login  Asterisk Manager Login Utility – Exploits • InviteFlood • Aol_icq_downloadagent  AOL ICQ Arbitary File Downlowd • RTPFlood • Aim_triton_cseq AIM triton 1.0.4 CSeq Buffer Overflow • IAXFlood • Sipxezphone_cseq sipxezphone 0.35a Cseq Filed Overflow • BYE-TearDown • Sipxphone_cseq  sipxPhone 2.6.0.27 Cseq Buffer Overflow http://null.co.in/ http://nullcon.net/
Countermeasures & Security • Separate Infrasrtucture • Do not integrate Data and VoIP Networks • VoIP-aware Firewalls, • Secure Protocols like SRTP, • Session Encryption using SIP/TLS, SCCP/TLS • Harden Network Security – IDS – IPS - NIPS http://null.co.in/ http://nullcon.net/
Thank You See you all @ nullcon - Delhi http://null.co.in/ http://nullcon.net/

Recommended

Voip security
Voip securityVoip security
Voip security
Shethwala Ridhvesh
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
Fatih Ozavci
 
VoIP Security
VoIP SecurityVoIP Security
VoIP Security
Dayanand Prabhakar
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
ImXaib
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
Coursenvy.com
 
Introduction into SIP protocol
Introduction into SIP protocolIntroduction into SIP protocol
Introduction into SIP protocol
Michal Hrncirik
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptx
AmanuelZewdie4
 
Proxy
ProxyProxy
ProxyTriad Square InfoSec
 

Recommended

Voip security
Voip securityVoip security
Voip security
Shethwala Ridhvesh
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
Fatih Ozavci
 
VoIP Security
VoIP SecurityVoIP Security
VoIP Security
Dayanand Prabhakar
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
ImXaib
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
Coursenvy.com
 
Introduction into SIP protocol
Introduction into SIP protocolIntroduction into SIP protocol
Introduction into SIP protocol
Michal Hrncirik
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptx
AmanuelZewdie4
 
Proxy
ProxyProxy
ProxyTriad Square InfoSec
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Wireless Network security
Wireless Network securityWireless Network security
Wireless Network security
Fathima Rahaman
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )
Kashyap Mandaliya
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
Fatih Ozavci
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 Workshop
Fatih Ozavci
 
Presentation on 5G security
Presentation on 5G securityPresentation on 5G security
Presentation on 5G security
RanjitUpadhyay4
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall
BharathiKrishna6
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
Ram Bharosh Raut
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
IGZ Software house
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy concepts
Mostafa El Lathy
 
Session initiation-protocol
Session initiation-protocolSession initiation-protocol
Session initiation-protocolSanthosh Somu
 
SIP security in IP telephony
SIP security in IP telephonySIP security in IP telephony
SIP security in IP telephony
PaloSanto Solutions
 
Firewall
FirewallFirewall
Firewall
Saurabh Chauhan
 
Sip
SipSip
Sip
Anirban Roy
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention SystemVishwanath Badiger
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
Agris Ameriks
 
Telnet ppt
Telnet pptTelnet ppt
Telnet ppt
SUNILKUMARSINGH
 
LAN Switching and Wireless: Ch1 - LAN Design
LAN Switching and Wireless: Ch1 - LAN DesignLAN Switching and Wireless: Ch1 - LAN Design
LAN Switching and Wireless: Ch1 - LAN Design
Abdelkhalik Mosa
 
Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)habib_786
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
Fatih Ozavci
 

More Related Content

What's hot

Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Wireless Network security
Wireless Network securityWireless Network security
Wireless Network security
Fathima Rahaman
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )
Kashyap Mandaliya
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
Fatih Ozavci
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 Workshop
Fatih Ozavci
 
Presentation on 5G security
Presentation on 5G securityPresentation on 5G security
Presentation on 5G security
RanjitUpadhyay4
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall
BharathiKrishna6
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
Ram Bharosh Raut
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
MD. SHORIFUL ISLAM
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
IGZ Software house
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy concepts
Mostafa El Lathy
 
Session initiation-protocol
Session initiation-protocolSession initiation-protocol
Session initiation-protocolSanthosh Somu
 
SIP security in IP telephony
SIP security in IP telephonySIP security in IP telephony
SIP security in IP telephony
PaloSanto Solutions
 
Firewall
FirewallFirewall
Firewall
Saurabh Chauhan
 
Sip
SipSip
Sip
Anirban Roy
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
Agris Ameriks
 
Telnet ppt
Telnet pptTelnet ppt
Telnet ppt
SUNILKUMARSINGH
 
LAN Switching and Wireless: Ch1 - LAN Design
LAN Switching and Wireless: Ch1 - LAN DesignLAN Switching and Wireless: Ch1 - LAN Design
LAN Switching and Wireless: Ch1 - LAN Design
Abdelkhalik Mosa
 

What's hot (20)

Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Wireless Network security
Wireless Network securityWireless Network security
Wireless Network security
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
 
The Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 WorkshopThe Art of VoIP Hacking - Defcon 23 Workshop
The Art of VoIP Hacking - Defcon 23 Workshop
 
Presentation on 5G security
Presentation on 5G securityPresentation on 5G security
Presentation on 5G security
 
Firewall & types of Firewall
Firewall & types of Firewall Firewall & types of Firewall
Firewall & types of Firewall
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
 
10 palo alto nat policy concepts
10 palo alto nat policy concepts10 palo alto nat policy concepts
10 palo alto nat policy concepts
 
Session initiation-protocol
Session initiation-protocolSession initiation-protocol
Session initiation-protocol
 
SIP security in IP telephony
SIP security in IP telephonySIP security in IP telephony
SIP security in IP telephony
 
Firewall
FirewallFirewall
Firewall
 
Sip
SipSip
Sip
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
Telnet ppt
Telnet pptTelnet ppt
Telnet ppt
 
LAN Switching and Wireless: Ch1 - LAN Design
LAN Switching and Wireless: Ch1 - LAN DesignLAN Switching and Wireless: Ch1 - LAN Design
LAN Switching and Wireless: Ch1 - LAN Design
 

Viewers also liked

Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)habib_786
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
Fatih Ozavci
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
Fatih Ozavci
 
Voice over IP (VoIP)
Voice over IP (VoIP)Voice over IP (VoIP)
Voice over IP (VoIP)
Peter R. Egli
 
VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers Awaken
Fatih Ozavci
 
What is VoIP and How it works?
What is VoIP and How it works?What is VoIP and How it works?
What is VoIP and How it works?
broadconnect
 
Voip powerpoint
Voip powerpointVoip powerpoint
Voip powerpointGW1992
 
Security Challenges In VoIP
Security Challenges In VoIPSecurity Challenges In VoIP
Security Challenges In VoIP
TomGilis
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
Fatih Ozavci
 
SIP Beyond VoIP
SIP Beyond VoIPSIP Beyond VoIP
SIP Beyond VoIP
Saúl Ibarra Corretgé
 
Introduction to SIP(Session Initiation Protocol)
Introduction to SIP(Session Initiation Protocol)Introduction to SIP(Session Initiation Protocol)
Introduction to SIP(Session Initiation Protocol)
William Lee
 
voip gateway
voip gateway voip gateway
voip gateway
Nayomi Ranamuka
 
Voice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using AsteriskVoice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using Asterisk
Sameer Verma
 
Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP) Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP)
Namra Afzal
 
Introduction to VoIP
Introduction to VoIPIntroduction to VoIP
Introduction to VoIP
PaloSanto Solutions
 
VoIP Seminar
VoIP SeminarVoIP Seminar
VoIP Seminar
Hossein Yavari
 
Voip
VoipVoip
Voip
Yasin Virani
 
Voip introduction
Voip introductionVoip introduction
Voip introduction
daksh bhatt
 
VOIP Presentation
VOIP Presentation VOIP Presentation
VOIP Presentation
tofael1
 

Viewers also liked (19)

Voice Over IP (VoIP)
Voice Over IP (VoIP)Voice Over IP (VoIP)
Voice Over IP (VoIP)
 
VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP VoIP Wars : Return of the SIP
VoIP Wars : Return of the SIP
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
Voice over IP (VoIP)
Voice over IP (VoIP)Voice over IP (VoIP)
Voice over IP (VoIP)
 
VoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers AwakenVoIP Wars: The Phreakers Awaken
VoIP Wars: The Phreakers Awaken
 
What is VoIP and How it works?
What is VoIP and How it works?What is VoIP and How it works?
What is VoIP and How it works?
 
Voip powerpoint
Voip powerpointVoip powerpoint
Voip powerpoint
 
Security Challenges In VoIP
Security Challenges In VoIPSecurity Challenges In VoIP
Security Challenges In VoIP
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
 
SIP Beyond VoIP
SIP Beyond VoIPSIP Beyond VoIP
SIP Beyond VoIP
 
Introduction to SIP(Session Initiation Protocol)
Introduction to SIP(Session Initiation Protocol)Introduction to SIP(Session Initiation Protocol)
Introduction to SIP(Session Initiation Protocol)
 
voip gateway
voip gateway voip gateway
voip gateway
 
Voice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using AsteriskVoice over Internet Protocol (VoIP) using Asterisk
Voice over Internet Protocol (VoIP) using Asterisk
 
Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP) Voice over internet protocol (VoIP)
Voice over internet protocol (VoIP)
 
Introduction to VoIP
Introduction to VoIPIntroduction to VoIP
Introduction to VoIP
 
VoIP Seminar
VoIP SeminarVoIP Seminar
VoIP Seminar
 
Voip
VoipVoip
Voip
 
Voip introduction
Voip introductionVoip introduction
Voip introduction
 
VOIP Presentation
VOIP Presentation VOIP Presentation
VOIP Presentation
 

Similar to VoIP – vulnerabilities and attacks

Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
Meletis Belsis MPhil/MRes/BSc
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Security
n|u - The Open Security Community
 
VOIP services
VOIP servicesVOIP services
VOIP services
Pankaj Saharan
 
Understanding VoIP - 1
Understanding VoIP - 1Understanding VoIP - 1
Understanding VoIP - 1Adebayo Ojo
 
Fuzzing Janus @ IPTComm 2019
Fuzzing Janus @ IPTComm 2019Fuzzing Janus @ IPTComm 2019
Fuzzing Janus @ IPTComm 2019
Lorenzo Miniero
 
voip elements by Karan singh cypher
voip elements by Karan singh cypher voip elements by Karan singh cypher
voip elements by Karan singh cypher
Karan Maker
 
Linux VOIP
Linux VOIP Linux VOIP
Linux VOIP
chanmyaeag
 
Fuzzing RTC @ Kamailio World 2019
Fuzzing RTC @ Kamailio World 2019Fuzzing RTC @ Kamailio World 2019
Fuzzing RTC @ Kamailio World 2019
Lorenzo Miniero
 
Voip
VoipVoip
Voip
Abd17m
 
Practical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Practical Fundamentals of Voice over IP (VoIP) for Engineers and TechniciansPractical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Practical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Living Online
 
Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP
ThousandEyes
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
Sumutiu Marius
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
Juan De Bravo
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCH
Moises Silva
 
Multipath TCP
Multipath TCPMultipath TCP
Multipath TCP
Olivier Bonaventure
 
VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)
Abdullah Shah
 
Voip softswitch providers
Voip softswitch providersVoip softswitch providers
Voip softswitch providers
VoIP Infotech
 
Softswitch
SoftswitchSoftswitch
Softswitch
VoIP Infotech
 
Softswitch
SoftswitchSoftswitch
Softswitch
VoIP Infotech
 

Similar to VoIP – vulnerabilities and attacks (20)

Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Security
 
VOIP services
VOIP servicesVOIP services
VOIP services
 
Understanding VoIP - 1
Understanding VoIP - 1Understanding VoIP - 1
Understanding VoIP - 1
 
Fuzzing Janus @ IPTComm 2019
Fuzzing Janus @ IPTComm 2019Fuzzing Janus @ IPTComm 2019
Fuzzing Janus @ IPTComm 2019
 
voip elements by Karan singh cypher
voip elements by Karan singh cypher voip elements by Karan singh cypher
voip elements by Karan singh cypher
 
Linux VOIP
Linux VOIP Linux VOIP
Linux VOIP
 
Fuzzing RTC @ Kamailio World 2019
Fuzzing RTC @ Kamailio World 2019Fuzzing RTC @ Kamailio World 2019
Fuzzing RTC @ Kamailio World 2019
 
Voip
VoipVoip
Voip
 
Practical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Practical Fundamentals of Voice over IP (VoIP) for Engineers and TechniciansPractical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
Practical Fundamentals of Voice over IP (VoIP) for Engineers and Technicians
 
Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP Introduction to VoIP, RTP and SIP
Introduction to VoIP, RTP and SIP
 
BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.BlackHat Hacking - Hacking VoIP.
BlackHat Hacking - Hacking VoIP.
 
WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017WebRTC meetup barcelona 2017
WebRTC meetup barcelona 2017
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCH
 
Multipath TCP
Multipath TCPMultipath TCP
Multipath TCP
 
VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)VoIP (Voice over Internet Protocol)
VoIP (Voice over Internet Protocol)
 
Voip softswitch providers
Voip softswitch providersVoip softswitch providers
Voip softswitch providers
 
Softswitch
SoftswitchSoftswitch
Softswitch
 
Softswitch
SoftswitchSoftswitch
Softswitch
 

More from n|u - The Open Security Community

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
n|u - The Open Security Community
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
n|u - The Open Security Community
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
n|u - The Open Security Community
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
n|u - The Open Security Community
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
n|u - The Open Security Community
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
n|u - The Open Security Community
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
n|u - The Open Security Community
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
n|u - The Open Security Community
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
n|u - The Open Security Community
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
n|u - The Open Security Community
 
Cloud security
Cloud security Cloud security
Cloud security
n|u - The Open Security Community
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
n|u - The Open Security Community
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
n|u - The Open Security Community
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
n|u - The Open Security Community
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
n|u - The Open Security Community
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
n|u - The Open Security Community
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
n|u - The Open Security Community
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
joachimlavalley1
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
RaedMohamed3
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
kaushalkr1407
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
timhan337
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
BhavyaRajput3
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
TechSoup
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 

Recently uploaded (20)

Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Honest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptxHonest Reviews of Tim Han LMA Course Program.pptx
Honest Reviews of Tim Han LMA Course Program.pptx
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 

VoIP – vulnerabilities and attacks

  • 1. VoIP – Vulnerabilities and Attacks Presented by - push
  • 2. Agenda • Introduction to VoIP – VoIP Architecture – VoIP Components – VoIP Protocols • A PenTester Perspective – Attack Vectors – Scanning – Attacks – Tools of Trade – Countermeasures and Security http://null.co.in/ http://nullcon.net/
  • 4. VoIP • IP Telephony • Voice over Internet Protocol • Subset of IP Telephony • Transmission of “Voice” over Packet-Switched Network. • Is it only Voice??? – Data, Audio, Video http://null.co.in/ http://nullcon.net/
  • 5. VoIP • Voice Analog Signals are converted to digital bits - “Sampled” and transmitted in packets Analog Voice Signals 101010101010 1101101101 Analog Voice 1010101010101101101 101010101010110110 Signals 101 1101 101010101010 1101101101 Internet 1010101010101101101 101010101010110110 101 1101 http://null.co.in/ http://nullcon.net/
  • 6. VoIP Architecture Ordinary Phone  ATA  Ethernet  Router  Internet http://null.co.in/ http://nullcon.net/
  • 7. VoIP Architecture IP Phone  Ethernet  IP-PBX  Router  Internet Internet IP Phone IP - PBX Modem / Router http://null.co.in/ http://nullcon.net/
  • 8. VoIP Architecture Softphone Phone  Ethernet  Router  Internet Internet http://null.co.in/ http://nullcon.net/
  • 10. VoIP Components • User Agents (devices) • Redirect Servers • Media gateways • Registrar Servers • Signaling gateways • Location Servers • Network management system • Gatekeepers • Billing systems • Proxy Servers GW  Gateway MG  Media Gateway GK  Gatekeeper MGC  Media Gateway Controller NMS  Network Management System IVR  Interactive Voice Response http://null.co.in/ http://nullcon.net/
  • 11. VoIP Protocols • Vendor Proprietary • Signaling Protocols • Media Protocols http://null.co.in/ http://nullcon.net/
  • 12. VoIP Protocols SIP Session Initiation Protocol SAP  Session Announcement Protocol SGCP  Simple Gateway Control Protocol MIME  Multipurpose Internet Mail IPDC  Internet Protocol device Control Extensions – Set of Standards RTP  Real Time Transmission Protocol IAX  Inter-Asterisk eXchange SRTP  Secure Real Time Transmission Protocol Megaco H.248  Gateway Control Protocol RTCP  RTP Control Protocol RVP over IP  Remote Voice Protocol over IP SRTCP  Secure RTP Control Protocol RTSP  Real Time Streaming Protocol MGCP  Media Gateway Control Protocol SCCP  Skinny Client Control Protocol (Cisco). SDP  Session Description Protocol UNISTIM  Unified Network Stimulus (Nortel). http://null.co.in/ http://nullcon.net/
  • 13. VoIP Protocols - SIP http://null.co.in/ http://nullcon.net/
  • 14. VoIP Protocols – H.323 http://null.co.in/ http://nullcon.net/
  • 16. VoIP – Attack Vectors • Vulnerabilities of Both Data and Telephone Network • CIA Triad http://null.co.in/ http://nullcon.net/
  • 17. VoIP - Scanning • Scanning a network for VoIP enabled systems / devices. • Tools for Scanning and Enumeration : – Nmap  port scanner – Smap  sip scanner. Finds SIP Enabled Servers – Svmap  sip scanner – Svwar  sip extension enumerator – Iwar VoIP Enabled modem Dialer – Metasploit Modules : • H.323 version scanner • SIP enumerator  SIP Username enumerator(UDP) • SIP enumerator_tcp  SIP Username Enumerator(TCP) • Options  SIP scanner(TCP) • Options_tcp  SIP scanner(UDP) http://null.co.in/ http://nullcon.net/
  • 18. VoIP – Scanning Demo • Nmap scan http://null.co.in/ http://nullcon.net/
  • 19. VoIP – Common Ports Protocol TCP Port UDP Port SIP 5060 5060 SIP-TLS 5061 5061 IAX2 - 4569 http – web based 80 / 8080 - management console tftp - 69 RTP - 5004 RTCP - 5005 IAX1 - 5036 SCCP 2000 SCCPS 2443 H.323 1720 http://null.co.in/ http://nullcon.net/
  • 20. VoIP – Scanning Demo • Smap • svmap http://null.co.in/ http://nullcon.net/
  • 21. VoIP – Scanning Demo • Metasploit Scanner http://null.co.in/ http://nullcon.net/
  • 22. VoIP - Attacks • Identity Spoofing • Conversation Eavesdropping / Sniffing • Password Cracking • Man-In-The-Middle • SIP-Bye DoS • SIP Bombing • RTP Insertion Attacks • Web Based Management Console Hacks • Fuzzing • Default Passwords http://null.co.in/ http://nullcon.net/
  • 23. VoIP – Attacks Demo • Identity – Caller ID Spoofing – Tools Used : • Metasploit- SIP_INVITE_Spoof • VoIP Fuzzer – Protos -Sip http://null.co.in/ http://nullcon.net/
  • 24. VoIP – Attacks Demo • Conversation Eavesdropping – Tools used : • Cain & Abel • Ettercap • Arpspoof • Wireshark http://null.co.in/ http://nullcon.net/
  • 25. VoIP – Attacks Demo • Man-In-The-Middle – Tools Used : • Wireshark • Arpspoof / ettercap • RTPInject • RTPmixsound http://null.co.in/ http://nullcon.net/
  • 26. VoIP – Attacks Demo • Password Cracking – Tools Used : • SIPDump • SIPCrack • svcrack http://null.co.in/ http://nullcon.net/
  • 27. VoIP - Attacks Some Default Passwords for VoIP Devices and Consoles: Device / Console Username Password Uniden UIP1868P VoIP - admin phone Web Interface Hitachi IP5000 VOIP WIFI - 0000 Phone 1.5.6 Vonage VoIP Telephone user user Adapter Grandstream Phones - Web Administrator /admin admin Adimistrator Interface user user •Asterisk Manager User Accounts are configured in /etc/asterisk/manager.conf http://null.co.in/ http://nullcon.net/
  • 28. VoIP – Audit & PenTest Tools • UCSniff • MetaSploit Modules : – Auxillary Modules • VoIPHopper • SIP enumerator  SIP Username enumerator • SIP enumerator_tcp  SIP USERNAME • Vomit Enumerator • VoIPong • Options  SIP scanner • Options_tcp  SIP scanner • IAX Flood • Asterisk_login  Asterisk Manager Login Utility – Exploits • InviteFlood • Aol_icq_downloadagent  AOL ICQ Arbitary File Downlowd • RTPFlood • Aim_triton_cseq AIM triton 1.0.4 CSeq Buffer Overflow • IAXFlood • Sipxezphone_cseq sipxezphone 0.35a Cseq Filed Overflow • BYE-TearDown • Sipxphone_cseq  sipxPhone 2.6.0.27 Cseq Buffer Overflow http://null.co.in/ http://nullcon.net/
  • 29. Countermeasures & Security • Separate Infrasrtucture • Do not integrate Data and VoIP Networks • VoIP-aware Firewalls, • Secure Protocols like SRTP, • Session Encryption using SIP/TLS, SCCP/TLS • Harden Network Security – IDS – IPS - NIPS http://null.co.in/ http://nullcon.net/
  • 30. Thank You See you all @ nullcon - Delhi http://null.co.in/ http://nullcon.net/

Editor's Notes

  1. IP Telephony - 1990
  2.  Run all VoIP traffic through a separate Internet connection, separating voice and data into their own network segments (VLAN). Set up separate servers dedicated just to VoIP traffic and firewall them apart from the rest of your network. VoIP connections between different buildings use a Virtual Private Network (VPN) to authenticate users to prevent spoofing. Avoid use of cheap VoIP systems. Encrypt any VoIP traffic to keep it confidential and prevent eavesdropping by network sniffers. Put VoIP servers in a secure physical location. Make sure all routers and servers hosting your VoIP system have been hardened and all unnecessary services turned off and ports closed. Restrict access to VoIP servers to only system administrators and log and monitor all access. Use intrusion detection systems to monitor malicious attempts to access your VoIP network. Employ a defense-in-depth of strategy with multiple layers of security, including dedicated VoIP-ready firewalls. Test all devices that send, receive or parse VoIP protocols, including handsets, softphones, SIP proxies, H.323 gateways, call managers and firewalls that VoIP messages pass through.