Manipulating VoIP security

Read other tips in the VoIP security series by Gary Audin How to think about VoIP security VoIP security -- problems inherited from data networking VoIP security threats -- The new world VoIP security -- Free IP telephony vulnerability test tools: Sniffing and manipulating the packet stream VoIP security -- Free IP telephony fuzzing tools Manipulating VoIP security Securing the enterprise VoIP perimeter VoIP/IP Telephony vendor security solutions

Packet flooding can cause various forms of Denial of Service (DoS) -- the endpoints don't work, the network is overloaded, phones are disconnected and other malicious acts occur. Signaling manipulation can cause calls to be directed to other locations, add a second listener to the call, create a rogue call manager and force phones to reboot. Another good presentation on VoIP attacks is VoIP Attacks! by Dustin Trammell presented at ToorCon 2006.

How to use this information (disclaimer)

Any tools that attack an enterprise's security will probably cause damage to the operation of VoIP if the tools are used improperly. The links listed below usually have instructions covering the proper use of the tool. Even following the instructions may not eliminate damage or harm. The links are to other sites and are not part of TechTarget, so there is no guarantee that everything will work as expected. The links are for information purposes only.

Now that the disclaimer is out of the way, this list contains free tools. There are many other free and commercial tools on the market that are used by developers that also can be used to attack VoIP components. This tool list is not exhaustive. The primary source for the tool list is VoIPSA from the VoIP Security Alliance. Several of these tools were developed by David Endler and Mark Collier, the authors of Hacking VoIP Exposed.

Packet creation and flooding tools

• IAXFlooder: A packet flooder that creates IAX packets associated with Asterisk. IAX channels use the same port for signaling and media transmission.
• INVITE Flooder: It sends a flurry of SIP INVITE messages that initiate a call to a phone or proxy causing a partial or full disruption of service.
• kphone-ddos: KPhone can be used for flooding attacks with spoofed SIP packets. This information is in Danish.
• RTP Flooder: This tool creates "well formed" RTP Packets that can flood a phone or proxy rendering the SIP phone completely unusable.
• Scapy: Scapy is a powerful interactive packet manipulation program running with LINUX. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. Good discussion information at this site.
• Seagull: This is an open source multi-protocol traffic generator from HP especially targeted towards IMS.
• SIPBomber: SIPBomber is SIP protocol testing tool for Linux developed by MetaLink and released as an open source GPL product.
>
• SIPNess: SIPness Messenger is a SIP testing tool which is used for testing SIP applications.
• SIPp: SIPp is a free open source test tool and traffic generator for the SIP protocol from HP.
• SIPsak: It is a small command line tool for developers and administrators of Session Initiation Protocol (SIP) applications. It can be used for some simple tests on SIP applications and devices. SIPsak is a Swiss army knife.

Signaling manipulation tools

• BYE Teardown: This tool attempts to disconnect an active VoIP conversation by spoofing the SIP BYE message from the receiving party.
• Check Sync Phone Rebooter: It transmits a special NOTIFY SIP message which will reboot certain phones.
• RedirectPoison: This tool works in a SIP signaling environment. It monitors for an INVITE request and responds with a SIP redirect response causing the issuing system to direct a new INVITE to another location.
• Registration Adder: This tool attempts to bind another SIP address to the target, effectively making a phone call ring in two places (the legitimate user's desk phone and the attacker's phone) .
• Registration Eraser: This tool will effectively cause a denial of service by sending a spoofed SIP REGISTER message to convince the proxy that a phone/user is unavailable.
• Registration Hijacker: This tool attempts to spoof SIP REGISTER messages in order to cause all incoming calls to be rerouted to the attacker's phone.
• SIP-Kill: It sniffs for SIP-INVITEs packets and tears down the call. The information is in Danish.
• SIP-Proxy-Kill: This tool tears down a SIP-Session at the last proxy before the opposite endpoint can tear down the session in the signaling path. This information is in Danish.
• SIP-RedirectRTP: It manipulates the SDP headers so that RTP packets are redirected to an RTP-proxy. This information is in Danish.
• SipRogue: This is a multifunctional SIP proxy that can be inserted between two connected voice speakers.

These three tips cover many of the forms of attacks and malicious behavior that have so far been created. There are also scanning, enumeration and miscellaneous tools as well as commercial development tools that are available. As VoIP becomes more pervasive and the number of individuals using VoIP increases, so will the attack tools. Keep checking the sites mentioned in these tips for further additions to the attack tools list.

About the author:
Gary Audin has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks. These have included local area, national and international networks, as well as VoIP and IP convergent networks, in the U.S., Canada, Europe, Australia and Asia.

Related links:
Ask the expert: What security practices should I keep in mind when designing my VoIP network?

Rate this Tip To rate tips, you must be a member of SearchUnifiedCommunications.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Unified Communications Tech Tip Social networking and discussion forums for the enterprise Streaming Cisco's IP Communicator to an HP thin client Demystifying unified communications deployment strategies Presence management and security Presence: SIMPLE versus XMPP Four factors driving videoconferencing Consider IBM Lotus SameTime for UC, not just Microsoft OCS An introduction to SIP, part 1 What's the value of unified communications? The benefits and challenges of presence within unified communications VoIP Security Security concerns for enterprise Skype SIP tutorial Unified communications security risks and countermeasures Can outsiders access my VoIP line and gather confidential data? Top VoIP Chapter Downloads of 2007 Best practices for instant messaging security Top rated VoIP security tips of 2007 Voice over IPv6: Architectures for Next Generation VoIP Networks VoIP vulnerability threatens data How to Cheat at VoIP Security RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary vishing  (SearchUnifiedCommunications.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.