Penetration Testing mailing list archives
Re: Voip security
From: Marco Ivaldi <raptor () 0xdeadbeef info>
Date: Mon, 27 Nov 2006 11:15:29 +0100 (CET)
Hey pen-test, On Sat, 25 Nov 2006, Mike Klingler wrote:
2) They also had the H.323 protocol available, but SiVUS doesn't support scanning of that protocol yet. Anyone know of tools, methodologies to test this protocol?
I'm currently writing the Voice over IP chapter for the next edition of the Hacking Linux Exposed book. While working on it i've developed a VoIP testing methodology, which i'm also planning to release together with the next version of the OSSTMM (http://www.osstmm.org/).
While performing the research aimed at creating my attack taxonomy, i've evaluated several free software products to determine their effectiveness at auditing VoIP networks: unfortunately, most tested tools were found of limited usefulness inside real-life scenarios. You should therefore employ these tools with caution, not overly relying on them to properly secure a VoIP deployment.
That said, the situation is rapidly evolving and in the next months a huge growth is expected in this area. Here follows a list of the best free tools you may find useful for VoIP testing (yeah, there's not a lot of readily-available software for H.323 yet):
1) Signaling protocols implementation testing - OpenH323 code http://www.openh323.org/ - PROTOS c07-H2250v4 http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/ - SiVuS (you already know it;) http://www.vopsecurity.org/index.php?name=Downloads&req=viewdownload&cid=1 - PROTOS c07-SIP http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/ - SFTF http://www.sipfoundry.org/sftf - SIPsak http://www.sipsak.org - Smap http://www.wormulon.net/index.php?/archives/1125-smap-released.html - SIP bomber http://www.metalinkltd.com/downloads.php - SIPp http://sipp.sourceforge.net/ - NastySIP http://phoenix.labri.fr/documentation/sip/Documentation/Material/Clients/Tools/Test/NastySIP/SX%20Design.htm - SIPNess http://www.ortena.com/files/Messenger.zip - Skora.net http://skora.net/voip/attacks/ - Hacking VoIP Exposed tools http://www.hackingexposedvoip.com/sec_tools.html - Scapy http://www.secdev.org/projects/scapy/ 2) Signaling protocols analysis and traffic monitoring - SIPcrack http://www.remote-exploit.org/index.php/Sipcrack - SIPv6 Analyzer http://pcs.csie.nctu.edu.tw/~yhsung/sipv6_analyzer/ - NetDude http://netdude.sourceforge.net/ - Callflow http://callflow.sourceforge.net/ - Callplot http://sourceforge.net/projects/callplot - SIP Scenario http://www.iptel.org/~sipsc/ 3) Transport protocols implementation testing - Ohwurm http://mazzoo.de/d/ohrwurm-0.1.tar.bz2 4) Transport protocols analysis and traffic monitoring - VoIPong http://www.enderunix.org/voipong/ - Vomit http://vomit.xtdnet.nl/ - Oreka http://oreka.sourceforge.net/ - Wireshark http://www.wireshark.org/ - Cain & Abel http://www.oxid.it/ Hope this helps;) -- Marco Ivaldi Antifork Research, Inc. http://0xdeadbeef.info/ 3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707 ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Voip security Mike Klingler (Nov 25)
- <Possible follow-ups>
- Fw: Voip security Sony C (Nov 26)
- Re: Voip security Marco Ivaldi (Nov 27)