Penetration Testing mailing list archives
Re: VoIP pentest ?
From: Ghaith Nasrawi <libero () aucegypt edu>
Date: Fri, 12 Nov 2004 22:26:54 -0500
Sorry for the late post, I just wanted to add that there are several proposals for encrypted VoIP like:
http://www.faqs.org/rfcs/rfc3853.html (AES with SIP)
and there is another one for using SIP with TLS.

Also, this http://web.mit.edu/sip/sip.edu/security.shtml would give you some insight about what kind of threats people should expect with VoIP deployment.

On Thu, 2004-10-28 at 15:57 -0400, Andre Ludwig wrote:
> http://www.voip-info.org/wiki-Open+Source+VOIP+Software
>
> Hope this helps you out as far as general tools, as for methodology you would be on your own to develop that. Get creative with the tools on that page and you can do a lot if the moon and stars are aligned properly. Feel free to post any and all results you come up with.
>
> Tools and links
>
> Sip bomber
> http://metalinkltd.com/eng/downloads/
>
> Features:
> - Analyses server responses for rfc compliance
> - Incorporates CERT tests
> - Supports UDP, TCP and broken TCP transports
> - Automatic and manual testing modes
> - Ability to create and run custom tests
> - QT user interface
>
> Best of all it's free and full source code is available.
>
> Vomit (converts CISCO voip convo into a wav from tcpdump file)
> http://vomit.xtdnet.nl/
>
> The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file. Vomit is not a VoIP sniffer also it could be but the naming is probably related to H.323.
>
> Download
> - vomit-0.2c.tar.gz <http://vomit.xtdnet.nl/vomit-0.2c.tar.gz> - Released 2004-01-02 (requires libdnet <http://libdnet.sourceforge.net>)
> - vomit-0.2.tar.gz <http://vomit.xtdnet.nl/vomit-0.2.tar.gz> - Released 2001-12-12 (requires libnet <http://www.packetfactory.net/libnet/>)
> - phone.dump.gz <http://vomit.xtdnet.nl/phone.dump.gz> - sample dump from a telephone conversation that I had at CITI <http://www.citi.umich.edu/>.
>
> The vomit utility is distributed under a BSD-license and completely free for any use including commercial.
>
> In order to build vomit, you need libevent <http://www.monkey.org/%7Eprovos/libevent/>, a library for asynchronous event notification and libdnet <http://libdnet.sourceforge.net> or libnet <http://www.packetfactory.net/libnet/>.
>
> Example
>
>   $ vomit -r phone.dump | waveplay -S8000 -B16 -C1
>
> Errors
>
> Vomit works only for G.711.
>
> Acknowledgements
>
> The program contains wave file interpreting code from waveplay by Y. Sonoda, ulaw conversion code from Sun Microsystems, and some pcap code from Dug Song. It also contains contributions by Marius A. Eriksen.
>
> SipSak
> http://sipsak.berlios.de/
>
> Features
> - sending OPTIONS request
> - sending text files (which should contain SIP requests)
> - traceroute (see section 11 in RFC3261 <http://iptel.org/info/players/ietf/callsignalling/rfc3261.txt>)
> - user location test
> - flooding test
> - random character trashed test
> - interpret and react on response
> - authentication with qop supported
> - short notation supported for receiving (not for sending)
> - string replacement in files
> - can simulate calls in usrloc mode
> - uses symmetric signaling and thus should work behind NAT
> - can upload any given contact to a registrar
> - send messages to any SIP destination
> - Nagios compliant return codes
> - search for strings in reply with regular expression
> - use multiple processes to create more server load
> - read SIP message from STDIN (e.g. from a pipe '|')
>
> Andre Ludwig CISSP
>
> On Wed, 27 Oct 2004 11:28:51 +0200, Frederic Charpentier <fcharpen () xmcopartners com> wrote:
>> Hi all,
>>
>> does anyone have experiences or papers on VoIP pentest/assessment ?
>> Expecting classic OS/Network audits and H323/ASN.1 flaws, I can't find any documentations or papers about flaws in VoIP architecture.
>>
>> Fred.
--
(o_
//\   Ghaith Nasrawi
V_/_  "Evil thrives when good men do nothing"