Penetration Testing mailing list archives
RE: VoIP pentest ?
From: Sérgio Yoshioka <sergioy2004 () yahoo com br>
Date: Fri, 10 Dec 2004 00:04:11 -0300 (ART)
Hi people,

Maybe this helps:

Another tool to test VoIP (SIP) is Protos. With this tool a lot of security problems were found in various SIP products. Details in http://www.cert.org/advisories/CA-2003-06.html

You can get more information about Protos at the link: http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/

SiVus is recent and you can find it at www.vopsecurity.org

By the way, another serious problem in VoIP will be spam or SPIT (spam over internet telephony).

VoIP protocols in general have problems when they need to do NAT traversal. Another problem is dynamically opening/closing ports in the firewall to allow VoIP communication/conversation with RTP/RTCP.

Sérgio Yoshioka

--- Mark Teicher <mht3 () earthlink net> wrote:

Jerry,

These are just some of the products for Item #2 discussed in my post.

- NetAlly from http://www.violanetworks.com/products.asp
- Qovia Central from http://www.qovia.com
- Physical Security of the Telecommunications Room (always a good place to start)
- Encryption Methodologies (with each option, advantages and disadvantages of performance/security or security/performance)
- VOIP Configuration Testing
- Quality of Service Performance and Security Testing
- TFTP exploitation (since most IP phones retrieve their settings via TFTP)
- CALEA Compliance

Most VoIP equipment has basic protection against DDOS, but during a VOIP Security Assessment, what occurs to the equipment when it is being attacked is far more interesting, and what are the continuity plans of the organization for when the VOIP network is not responding.

-----Original Message-----
From: Jerry Shenk <jshenk () decommunications com>
Sent: Dec 9, 2004 10:56 AM
To: 'Mark Teicher' <mht3 () earthlink net>, pen-test () securityfocus com
Subject: RE: VoIP pentest ?

So, Mark - what are some of the good tools for testing a network for VOIP readiness? I've got a local company that is "real hot" on VOIP....like it's gonna be the end-all to every problem. I suppose it can help a few issues but they need a little help giving a little thought to some of the performance and security issues.

-----Original Message-----
From: Mark Teicher [mailto:mht3 () earthlink net]
Sent: Monday, December 06, 2004 9:28 PM
To: pen-test () securityfocus com
Subject: Re: VoIP pentest ?

Actually, the question for VOIP pen-testing should be split into two issues:

1. How vulnerable is a network with VOIP?
2. Is the network ready for VOIP?
3. VOIP Attack suite

1. Here is the tricky part, most savvy security consultants will apply normal security methodology techniques in examining a network using <insert your favorite network topology mapping tool> and <insert your favorite network scanning tools> to assess the network. In a previous life, I worked with a PhD who didn't want to listen and who wrote a methodology for security assessments; only a minimum of what he wrote applies in examining a network with VoIP.

2. Is a network ready for VOIP? That is an interesting question since most <insert your favorite scanning tool here> will provide an organization or security consultants very minimal information on whether a network is ready for VOIP. WARNING: If a security consultant offers a VOIP readiness check, inquire what tools they use; if their answer begins with <insert your favorite network scanning tool>, be very afraid.

3. VOIP Attack suite - there are rudimentary scanning tools out there for assessing VOIP products, but they do not encompass all the components of a VOIP setup. Here is the issue, running a scan across IP phones will cause users of a particular organization to get a little miffed, since most IP phones do not have denial of service protection built-in, so that is out. Another issue is that most common intrusion detection systems have not incorporated VOIP protocol decodes into their products yet, there are a couple of pattern matching signatures out there for Sn0rt but very few, so at most, when running VOIP attacks on a VOIP network, the majority of noise will be from the users and very little information will be gathered about the VOIP products except OS banner collection, and port flapping.

hope this helps

/m

At 08:32 AM 10/28/2004, Volker Tanger wrote:

Greetings!

On Wed, 27 Oct 2004 11:28:51 +0200 Frederic Charpentier <fcharpen () xmcopartners com> wrote:

does anyone have experiences or papers on VoIP pentest/assessment ? Expecting classic OS/Network audits and H323/ASN.1 flaws, I can't find any documentations or papers about flaws in VoIP architecture.

VoIP (SIP and H.323) do media transfer via (unencrypted) RTP/RTCP. SIP is a simple, unauthenticated cleartext protocol. H.323 similar (binary and more complex, but still unauthenticated).

With ARP spoofing etc. it is simple to listen to voice streams or call setup - or change it. So re-routing voice streams or calls should be simple.

Quite a high percentage of systems were/are susceptible to buffer overflows it seems (forgot the URL - about half a year ago).

For other fun with SIP see e.g. http://www.infoanarchy.org/story/2004/9/15/23127/3363

Bye

Volker Tanger
ITK Security
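The point quoted above, that SIP call setup is cleartext and media goes over unencrypted RTP/RTCP, can be checked from the defender's side by reading the SDP body of an INVITE. This is an added example, not part of any post in this thread: the sample INVITE is constructed, `audit_media` is a hypothetical helper name, and the `RTP/SAVP`/`RTP/SAVPF` profiles and `a=crypto` attribute come from the SRTP and SDP security-description specifications rather than from the thread.

```python
import re

# Constructed sample: a SIP INVITE with an SDP body (not captured from a real network).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: constructed-1@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "m=video 49172 RTP/SAVP 96\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDKEYPLACEHOLDER\r\n"
)

SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}           # SRTP media profiles
M_LINE = re.compile(r"^m=(\S+) (\d+)(?:/\d+)? (\S+)")  # m=<media> <port> <profile> ...

def audit_media(sip_message):
    """Return (media, port, profile, verdict) for each SDP media stream.

    verdict is "plaintext" (plain RTP), "srtp", or "srtp-key-exposed" when an
    SRTP key is offered in a=crypto but the signalling hop is not TLS, so the
    key itself crosses the network in cleartext.
    """
    head, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    via = re.search(r"^(?:Via|v):\s*SIP/2\.0/(\w+)", head, re.I | re.M)
    signalling_tls = bool(via) and via.group(1).upper() == "TLS"
    findings = []
    for line in body.split("\n"):
        m = M_LINE.match(line)
        if m:
            verdict = "srtp" if m.group(3) in SECURE_PROFILES else "plaintext"
            findings.append([m.group(1), int(m.group(2)), m.group(3), verdict])
        elif line.startswith("a=crypto:") and findings and not signalling_tls:
            if findings[-1][3] == "srtp":
                findings[-1][3] = "srtp-key-exposed"
    return [tuple(f) for f in findings]

if __name__ == "__main__":
    for finding in audit_media(SAMPLE_INVITE):
        print(finding)
```
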