VoIP security -- Free IP telephony fuzzing tools

Fuzzing is a form of stress testing using malformed packets. Fuzzing is also known as functional protocol testing or robustness testing. It is usually used to automate vulnerability discovery. It finds bugs and vulnerabilities by producing different packet types that target a protocol. The fuzzing attack pushes the protocol's design specifications to the breaking point. It is often used by developers and vendor internal QA groups to test their protocol implementations.

It is dangerous to assume that the protocol implementations produced by a vendor are all identical. The protocol software can vary by software release and version. Chapter 11 of "Hacking VoIP Exposed," www.hackingvoip.com, provides a more in-depth discussion of the technique.

The electrical engineering department at Finland's University of Oulu has been working on VoIP security issues and has a good site to access, http://www.ee.oulu.fi/research. This site deals with specific signaling protocol attacks. Another resource is a long presentation by Hendrik Scholz, "SIP Stack Fingerprinting and Stack Difference Attacks," http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Scholz.pdf, which was given at the 2006 Black Hat conference. This security conference now has a separate track discussing VoIP security.

Any tools that attack an enterprise's security will of course cause damage to the operation of VoIP if they are used improperly. The links listed below usually have instructions covering the proper use of the tool, but even following the instructions may not eliminate damage.

This list contains free and commercial tools. There are many other free and commercial tools that are ...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT VoIP QoS and VoIP Security Linking VoIP islands: The value of SIP trunking SIP trunking ROI: Linking VoIP islands and more The benefits of linking VoIP islands Mobile IP networks: An overview Tutorial: VoIP ROI VoIP implementation study guide How will VoIP impact the quality of phone calls on our network? How does one cope with echo in a VoIP-enabled network? What's the best way to use an echo canceller? Does implementing VoIP security affect the QoS? How would one handle it, if it does? IBM, Avaya deals signal IP telephony quality control's coming of age Unified Communications Tech Tip Getting ROI with communications-enabled business processes Recession generates interest, adoption in video conferencing Winning users over to video conferencing Telepresence is the next best thing to being there Implementing a mobile unified communications (UC) solution Understanding mobile unified communications (UC) products The significance of Avaya's Aura UC buyers should look for SaaS-based UC offerings in 2009 Using the iPhone in the enterprise? Social networking and discussion forums for the enterprise

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary vishing  (SearchUnifiedCommunications.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

used by developers that can also be used to attack VoIP components. This tool list is not exhaustive; other free and commercial tools are available. The primary source for the tool list is www.voipsa.org from the VoIP Security Alliance. The tools in this tip deal only with fuzzing attacks.

The following is the list of free and commercial fuzzing tools:

• Asteroid: A set of malformed SIP packets (INVITE, CANCEL, BYE, etc.) that can be crafted to send to any phone or proxy. This tool for attacking Asterisk can cause a denial-of-service condition. It can be used against other products as well.
• Codenomicon VoIP fuzzers: Commercial versions of the free PROTOS toolset discussed later in the tool list.
• Fuzzy Packet: Designed to manipulate messages through the injection, capturing, receiving or sending of packets generated over a network. It can be used to fuzz RTP transmissions and includes a built-in ARP poisoner.
• Mu Security VoIP fuzzing platform: This is a commercial fuzzing platform that covers many non-VoIP protocols and VoIP-related protocols such as DHCP, DHCPv6, H.323, HTTP, ISAKMP, LDAP, MGCP, RTSP, SCTP, SIP, SNMP, SSDP and SSH.
• ohrwurm: A small and simple RTP fuzzer.
• PROTOS H.323 fuzzer: A Java tool, designed by the University of Oulu in Finland, which sends a set of malformed H.323 messages.
• PROTOS SIP fuzzer: A Java tool, designed by the University of Oulu in Finland, which sends a set of malformed SIP messages.
• SIP Forum Test Framework (SFTF): SFTF was created by the SIP Forum to allow SIP device vendors to test their devices for common errors and, as a result of these tests, improve the interoperability of the devices on the market.
• SIP-Proxy: Acts as a proxy between a VoIP UserAgent and an IP-PBX. Exchanged SIP messages pass through the application and can be recorded, manipulated or fuzzed.
• Spirent ThreatEx: A commercial protocol fuzzer and robustness tester that can be used to attack VoIP signaling protocols and most of the associated IP networking protocols for both wired and wireless operations.

The third tip in this series will focus on packet creation and signaling manipulation. Another set of resources and tutorials will also be included in the next tip.

About the author:
Gary Audin has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks. These have included local area, national and international networks, as well as VoIP and IP convergent networks, in the U.S., Canada, Europe, Australia and Asia.

MOTT How to use fuzzing to deter VoIP protocol attacks http://searchvoip.techtarget.com/tip/0,289483,sid66_gci1163561,00.html

Rate this Tip To rate tips, you must be a member of SearchUnifiedCommunications.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.