Index
Hacking VoIP Protocols, Attacks, and Countermeasures
ACKNOWLEDGMENTS
INTRODUCTION
Book Overview
Lab Setup
SIP/IAX/H.323 Server
SIP Setup
H.323 Setup (Ekiga)
IAX Setup
1. AN INTRODUCTION TO VOIP SECURITY
Why VoIP
VoIP Basics
How It Works
Protocols
Deployments
VoIP Security Basics
Authentication
Authorization
Availability
Encryption
Attack Vectors
Summary
I. VOIP PROTOCOLS
2. SIGNALING: SIP SECURITY
SIP Basics
SIP Messages
Making a VoIP Call with SIP Methods
Registration
The INVITE Request
Enumeration and Registration
Enumerating SIP Devices on a Network
Registering with Identified SIP Devices
Authentication
Encryption
SIP with TLS
SIP with S/MIME
SIP Security Attacks
Username Enumeration
Enumerating SIP Usernames with Error Messages
Enumerating SIP Usernames by Sniffing the Network
SIP Password Retrieval
Data Collection for SIP Authentication Attacks
An Example
Tools to Perform the Attack
Man-in-the-Middle Attack
Registration Hijacking
Spoofing SIP Proxy Servers and Registrars
Denial of Service via BYE Message
Denial of Service via REGISTER
Denial of Service via Un-register
Fuzzing SIP
Summary
3. SIGNALING: H.323 SECURITY
H.323 Security Basics
Enumeration
Authentication
Symmetric Encryption
Password Hashing
Public Key
Authorization
H.323 Security Attacks
Username Enumeration (H.323 ID)
H.323 Password Retrieval
H.323 Replay Attack
H.323 Endpoint Spoofing (E.164 Alias)
E.164 Alias Enumeration
E.164 Hopping Attacks
Denial of Service via NTP
DoS with Authentication Enabled
Denial of Service via UDP (H.225 Registration Reject)
Denial of Service via Host Unreachable Packets
Denial of Service via H.225 nonStandardMessage
Summary
4. MEDIA: RTP SECURITY
RTP Basics
RTP Security Attacks
Passive Eavesdropping
Capturing Packets from Different Endpoints: Man-in-the-Middle
Using Cain & Abel for Man-in-the-Middle Attacks
Using Wireshark
Active Eavesdropping
Audio Insertion
Audio Replacement
Denial of Service
Message Flooding
RTCP Bye (Session Teardown)
Summary
5. SIGNALING AND MEDIA: IAX SECURITY
IAX Authentication
IAX Security Attacks
Username Enumeration
Offline Dictionary Attack
Active Dictionary Attack
Targeted attack
IAX Man-in-the-Middle Attack
MD5-to-Plaintext Downgrade Attack
Targeted attack
Wildcard attack
Denial of Service Attacks
Registration Reject
Call Reject
HangUP
Targeted attack
Wildcard attack
Hold (QUELCH)
Summary
II. VOIP SECURITY THREATS
6. ATTACKING VOIP INFRASTRUCTURE
Vendor-Specific VoIP Sniffing
Hard Phones
Compromising the Phone's Configuration File
Uploading a Malicious Configuration File
Exploiting Weaknesses of SNMP
Cisco CallManager and Avaya Call Center
Using Nmap to Scan VoIP Devices
Scanning Web Management Interfaces with Nikto
Discovering Vulnerable Services with Nessus
Modular Messaging Voicemail System
Infrastructure Server Impersonation
Spoofing SIP Proxies and Registrars
Redirecting H.323 Gatekeepers
Summary
7. UNCONVENTIONAL VOIP SECURITY THREATS
VoIP Phishing
Spreading the Message
Receiving the Calls
Making Free Calls
Caller ID Spoofing
Example 1
Example 2
Example 3
Example 4
Anonymous Eavesdropping and Call Redirection
Spam Over Internet Telephony
SPIT and the City
Lightweight SPIT with Skype/Google Talk
Summary
8. HOME VOIP SOLUTIONS
Commercial VoIP Solutions
Vonage
Call Eavesdropping (RTP)
Voice Injection (RTP)
Username/Password Retrieval (SIP)
PC-Based VoIP Solutions
Yahoo! Messenger
Eavesdropping on Yahoo! Messenger
Injecting Audio into Yahoo! Messenger Calls
Google Talk
Microsoft Live Messenger
Skype
SOHO Phone Solutions
Summary
III. ASSESS AND SECURE VOIP
9. SECURING VOIP
SIP over SSL/TLS
Secure RTP
SRTP and Media Protection with AES Cipher
SRTP and Authentication and Integrity Protection with HMAC-SHA1
SRTP Key Distribution Method
ZRTP and Zfone
Firewalls and Session Border Controllers
The VoIP and Firewall Problem
The Solution
Summary
10. AUDITING VOIP FOR SECURITY BEST PRACTICES
VoIP Security Audit Program
Summary
About the Author
COLOPHON