Voice Over IP. How technology has taken a step back?

Similar documents
Conducting an IP Telephony Security Assessment

Hacking VoIP Exposed. David Endler, TippingPoint Mark Collier, SecureLogix

Voice over IP (VoIP)

ENSC 833-3: NETWORK PROTOCOLS AND PERFORMANCE. Implement Session Initiation Protocol (SIP) User Agent Prototype

SIP Trunking & Security. Dan York, CISSP VOIPSA Best Practices Chair

INTERFACE SPECIFICATION SIP Trunking. 8x8 SIP Trunking. Interface Specification. Version 2.0

Analysing Protocol Implementations

Overview of the Session Initiation Protocol

Journal of Information, Control and Management Systems, Vol. X, (200X), No.X SIP OVER NAT. Pavel Segeč

The Session Initiation Protocol

VOIP. Technology, Security Threats & Countermeasures. Jaydip Sen. Innovation Lab Tata Consultancy Services, Kolkata

a. Draw a network diagram, showing how a telephone in the US would make calls to a telephone on Deception Island. (15 points).

VoIP Security Threat Analysis

Session Initiation Protocol (SIP)

Multimedia networking: outline

VoIP Basics. 2005, NETSETRA Corporation Ltd. All rights reserved.

Best Practices for VoIP Security

TSM350G Midterm Exam MY NAME IS March 12, 2007

Just how vulnerable is your phone system? by Sandro Gauci

Having fun with RTP Who is speaking???

SIP Reliable Provisional Response on CUBE and CUCM Configuration Example

Technical specifications for connecting SIP PBX to the Business Trunk service by Slovak Telekom without registration, with static routing.

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

Multimedia Communication

Popular protocols for serving media

SIP Session Initiation Protocol

Understanding SIP exchanges by experimentation

SIP Tutorial. Leonid Consulting V1.4. Copyright Leonid Consulting, LLC (2007) All rights reserved.

The poor state of SIP endpoint security

Voice over IP. What You Don t Know Can Hurt You. by Darren Bilby


S Postgraduate Course in Radio Communications. Application Layer Mobility in WLAN. Antti Keurulainen,

TSIN02 - Internetworking

Mohammad Hossein Manshaei 1393

RFC 3666 SIP PSTN Call Flows 2 SIP to PSTN Dialing

RFC 3666 SIP PSTN Call Flows 2 SIP to PSTN Dialing

Information About SIP Compliance with RFC 3261

SOHO 3G Gateway Series

Real Time Protocols. Overview. Introduction. Tarik Cicic University of Oslo December IETF-suite of real-time protocols data transport:

Vulnerabilities in Dual-mode / Wi-Fi Phones

Session Initiation Protocol (SIP) Overview

A Review Paper on Voice over Internet Protocol (VoIP)

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

IP Possibilities Conference & Expo. Minneapolis, MN April 11, 2007

Compliance with RFC 3261

Real-Time Control Protocol (RTCP)

Advanced Computer Networks

Overview of SIP. Information About SIP. SIP Capabilities. This chapter provides an overview of the Session Initiation Protocol (SIP).

Application Notes for Configuring Avaya IP Office 8.1 with Etisalat SIP Trunk service Issue 1.0

Kommunikationssysteme [KS]

GSM VoIP Gateway Series

SIP (Session Initiation Protocol)

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

Chapter 3: IP Multimedia Subsystems and Application-Level Signaling

Secure Telephony Enabled Middle-box (STEM)

Ingate Firewall & SIParator Product Training. SIP Trunking Focused

ControlONE Technical Guide

Reserving N and N+1 Ports with PCP

Studying the Security in VoIP Networks

Tech-invite RFC SIP PSTN Call Flows 3 PSTN to SIP Dialing. 3.1 Successful PSTN to SIP call

OpenSIPS Workshop. Federated SIP with OpenSIPS and RTPEngine

NGN Security. Next Generation Nightmare? Emmanuel Gadaix Telecom Security Task Force. Dubai, HITB 2007

RFC 3665 Basic Call Flow Examples

SIP Trunk design and deployment in Enterprise UC networks

Multimedia networking: outline

Introduction to OSI model and Network Analyzer :- Introduction to Wireshark

TODAY AGENDA. VOIP Mobile IP

Troubleshooting Voice Over IP with WireShark

Department of Computer Science. Burapha University 6 SIP (I)

The Sys-Security Group

Application Scenario 1: Direct Call UA UA

Application Notes for IntelePeer CoreCloud SIP Trunking Service with Avaya IP Office Release Issue 1.0

FreeSWITCH IP PBX with Secure Twilio Elastic SIP Trunking

Session Initiation Protocol (SIP) Overview

ICE: the ultimate way of beating NAT in SIP

SECURITY RISKS IN IP TELEPHONY

Telecommunication Services Engineering Lab. Roch H. Glitho

SIP Trunking & Peering Operation Guide

VoIP. ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts

MonAM ( ) at TUebingen Germany

Release Note for MyPBX Enterprise X

Transporting Voice by Using IP

Voice over IP Consortium

P2PSIP, ICE, and RTCWeb

IPNext 187 Hybrid IP-PBX System High-performance Hybrid IP-PBX Solution

Multimedia Systems Multimedia Networking Part II Mahdi Amiri December 2015 Sharif University of Technology

SIP Compliance APPENDIX

How to set FAX on asterisk

SIP Protocol Debugging Service

Internet Streaming Media. Reji Mathew NICTA & CSE UNSW COMP9519 Multimedia Systems S2 2006

Technical specifications for connecting SIP PBX to the Business Trunk service by Slovak Telekom.

Provide a generic transport capabilities for real-time multimedia applications Supports both conversational and streaming applications

Cisco ATA 191 Analog Telephone Adapter Overview

LISTENING BY SPEAKING

Modern IP Communication bears risks

Request for Comments: April Control of Service Context using SIP Request-URI

Application Notes for Windstream SIP Trunking Service using Broadsoft Platform with Avaya IP Office Issue 1.0

VoIP Basics. VoIP Basics, X/Stra, Oct 2,

Security for SIP-based VoIP Communications Solutions

Wave7 Optics Richard Brennan Telxxis LLC

Transcription:

Voice Over IP How technology has taken a step back?

Today is 22 nd December. Who I am? What I do? (next slide) What is the tumult all about? How do I think that technology has taken a step back?

Who am I? A Britisher at heart..it s sad that I don t have HSMP

Few of my inspirations and tributes No Boo ing please

I love this guy for Patriot act

Without him, we would nt have had CHASE and other prestigious events in the world

This is not my nephew. It s just a Windows 95 version of me and I love this guy

Agenda VoIP (SIP, H.323, MGCP, IAX, proprietary) How does SIP work? Phreaking VoIPhreaking Tributes and tools VoIPhishing Conclusion Q&A

SIP it! Signaling, media and supporting protocols What is signaling? What happens if the signaling is not there? SIP is signaling, nothing more ASCII text protocol designed by Internet Crunchies (IETF) Bastard child of HTTP and mail Over a decade old (1995) and still considered emerging Vendors keep on bragging about the SIP

SIP elements SIP Proxy Server relays call signaling, routing, AAA rendezvous point for callees and UA s SIP Redirect Server redirects callers to other servers SIP Registrar accept registration requests (REGISTER method) from users maintains user s whereabouts at a Location Server (like GSM HLR) User Agents (RFC 3261)

SIP messages Start line Headers Request or Response Information about the message Body Destination Origin Route Usually media stream location information (Session Description Protocol)

SIP messages (Cont d) Start Line Request Messages Method based request system (INVITE, BYE, REGISTER, OPTION, ACK,CANCEL) Response Messages Error code + reason (smells like HTTP) 404 Not Found, 403 Forbidden 200 OK Successful response 500 Server failure

What does a SIP message look like (on the wire)? INVITE sip:6713@192.168.26.180:6060;user=phone SIP/2.0 Via:SIP/2.0/UDP 192.168.22.36:6060 From:UserAgent<sip:6710@192.168.22.36:6060;user=phone> To:6713<sip:6713@192.168.26.180:6060;user=phone> Call-ID:96561418925909@192.168.22.36 Cseq:1 INVITE Subject:VovidaINVITE Contact:<sip:6710@192.168.22.36:6060;user=phone> Content-Type:application/sdp Content-Length:168 v=0 o=-238540244 238540244 IN IP4 192.168.22.36 s=vovida Session c=in IP4 192.168.22.36 t=3174844751 0 m=audio 23456 RTP/AVP 0 a=rtpmap:0 PCMU/8000 a=ptime:20

A SIP call

Phreaking History Started in the 1960 s Exploited in-band signaling Relied heavily on hardware attacks Famous Phreaks Steve Jobs Steve Wozniak Cap n Crunch

Phreaking techniques In band signaling @ 2600 Mhz Typically used for toll-fraud The colour boxing era Blue boxing Red boxing The grugq s account

Death of Phreaking Out of band signaling Aggressive prosecution of phreakers Improved fraud analysis complements Packet voice is secure? Let us all marry VoIP and admit that revolution is in the air.. No phreaking possible against VoIP Blaaaa..Blingggg.Blooo Beeeep @@@##$ $%%%^^&&&****

The birth of VoIPhreaking I m not dead yet only feeling better

CRAP Omer!!! Packet voice can save you some bucks, more then you can earn through your life and it is secure as well. May be I am against evolution or a fundamentalist catholic who still thinks that earth is flat.

Ohhhhhh realllllllllllllllllllllllly!!!!!! TAKE THAT CRUNCHIES!!!

VoIPhreaking techniques Media attacks Eavesdropping Injection Signaling attacks Hijacking Rerouting Dr. DoS PSTN attacks MG intrusion

TOOLS Remember: a fool with a tool. is still a fool

Introducing the only tool in the world that really works effectively today

CocoNUT or WallNUT or whatever

Tools (Cont d) Hail to Man In The Mirror (oh sorry Middle) Arpspoof (dsniff suite), ettercap, Cain, Hunt Sniff..Sniff (RTP stream) Wireshark (formerly known as ethereal), Tethereal, TCPDump, or build one of your own RTP analyzer >> Follow Stream >> Decode & Publish and a successful eavesdropping attack VoIPong Another RTP stream builder goodie RTP injection Add noise

SIPScan

Dr. Dos (SiVus) INVITE flood

Social Threats SPIT VoIPhishing

SPIT

SPIT How easily your voice mail boxes can be spammed with unwanted advertisements.. Asterisk (http://www.asterisk.org) turns out to be a fairly useful tool for performing SPIT.. Popularity Dialer (http://www.popularitydialer.com) is an example of what Asterisk can be modifedto do Can be used to send phone calls with prerecorded conversation in the future

Question and Answers??

Thank you Catch me at: venommy@gmail.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback