Home > Unified Communications Tips > Unified Communications Tech Tip > Manipulating VoIP security
Unified Communications Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

UNIFIED COMMUNICATIONS TECH TIP

Manipulating VoIP security


Gary Audin
05.20.2007
Rating: -5.00- (out of 5)


VoIP news and advice channel
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


This is the third of three tips that present tools for attacking VoIP security. The previous two tips, Free IP telephony vulnerability test tools: Sniffing and manipulating the packet stream and Free IP telephony fuzzing tools, focused on tools for sniffing VoIP packet transmissions, changing the operation of the voice transmission and protocol attacks. This tip covers tools that can be used to create packet flooding and signaling manipulation.

Packet flooding can cause various forms of Denial of Service (DoS) -- the endpoints don't work, the network is overloaded, phones are disconnected and other malicious acts occur. Signaling manipulation can cause calls to be directed to other locations, add a second listener to the call, create a rogue call manager and force phones to reboot. Another good presentation on VoIP attacks is VoIP Attacks! by Dustin Trammell presented at ToorCon 2006.

How to use this information (disclaimer)

Any tools that attack an enterprise's security will probably cause damage to the operation of VoIP if the tools are used improperly. The links listed below usually have instructions covering the proper use of the tool. Even following the instructions may not eliminate damage or harm. The links are to other sites and are not part of TechTarget, so there is no guarantee that everything will work as expected. The links are for information purposes only.

Now that the discla


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Unified Communications Tech Tip
The significance of Avaya's Aura
UC buyers should look for SaaS-based UC offerings in 2009
Using the iPhone in the enterprise?
Social networking and discussion forums for the enterprise
Streaming Cisco's IP Communicator to an HP thin client
Demystifying unified communications deployment strategies
Presence management and security
Presence: SIMPLE versus XMPP
Four factors driving videoconferencing
Consider IBM Lotus SameTime for UC, not just Microsoft OCS

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


imer is out of the way, this list contains free tools. There are many other free and commercial tools on the market that are used by developers that also can be used to attack VoIP components. This tool list is not exhaustive. The primary source for the tool list is VoIPSA from the VoIP Security Alliance. Several of these tools were developed by David Endler and Mark Collier, the authors of Hacking VoIP Exposed.

Packet creation and flooding tools

Signaling manipulation tools

These three tips cover many of the forms of attacks and malicious behavior that have so far been created. There are also scanning, enumeration and miscellaneous tools as well as commercial development tools that are available. As VoIP becomes more pervasive and the number of individuals using VoIP increases, so will the attack tools. Keep checking the sites mentioned in these tips for further additions to the attack tools list.

About the author:
Gary Audin has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks. These have included local area, national and international networks, as well as VoIP and IP convergent networks, in the U.S., Canada, Europe, Australia and Asia.

Related links:
Ask the expert: What security practices should I keep in mind when designing my VoIP network?

Rate this Tip
To rate tips, you must be a member of SearchUnifiedCommunications.com.
Register now to start rating these tips. Log in if you are already a member.




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Communications Solutions for Business: Collaboration, Cell Phone Access, and IP Telephony
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts