VoIP security -- Free IP telephony vulnerability test tools: Sniffing and manipulating the packet st

VoIP security tools can help the enterprise's security staff test IP telephony vulnerability. When discussing IP telephony vulnerability test tools, there is always the issue that publicizing information will be considered unethical because it can fall into the hands of potential attackers. However, the tools discussed in this tip are all publicly known. Attackers will use them anyway, and hiding this information from the public ensures that the tools will be more useful to the attackers. The attackers will become reliant on the ignorance of the enterprise security staff if the tools are not known to the public. When the enterprise security staff has access to these tools, they can move forward to mitigate security problems.

    Requires Free Membership to View

    Login

More on VoIP security tools
Shawn McGann and Douglas Sicker from the University of Colorado at Boulder authored a useful paper, "An analysis of security threats and tools in SIP-based systems." The article includes a table based on protocol layers, with the vulnerabilities divided into three categories: confidentiality, integrity and availability. Shawn McGann also presented the findings mentioned in the paper at the 2nd VoIP Security Workshop, June 2005. The Workshop presentation contains additional information.

How to use this information (disclaimer)

Any tools that attack an enterprise's security will probably cause damage to the operation of VoIP if the tools are used improperly. The links listed below usually have instructions covering the proper use of the tool. Even following the instructions may not eliminate damage or harm. The links are to other sites and are not part of TechTarget, so there is no guarantee that everything will work as expected. The links are for information purposes only.

Below is a list of free tools. No commercial tools are listed. There are many commercial tools on the market that also can be used to attack VoIP components. This tool list is not meant to be exhaustive. There are also other free tools available beyond the list provided. The primary sources for this list are the VoIP Security Alliance and the Web site of "Hacking VoIP Exposed," from authors Dave Endler and Mark Collier. These two sites each have longer lists than are mentioned in this tip. The tools in this tip deal with sniffing/listening to VoIP conversations and manipulating the RTP voice steam of packets.

Tools for sniffing VoIP packet transmissions

  • AuthTool: Attempts to determine a user's password by analyzing SIP signaling traffic.
  • Cain & Abel: This is a multipurpose tool that has the capability to reconstruct RTP (voice packet) media calls.
  • NetDude: Provides a framework for the inspection, analysis and manipulation of tcpdump trace files.
  • Oreka: Recording and retrieval of audio device and VoIP voice streams.
  • PSIPDump: Dumps SIP sessions (+RTP traffic, if available) from pcap to disk in a fashion similar to "tcpdump -w" (format is exactly the same), but one file per SIP session (even if there are thousands of concurrent SIP sessions).
  • SIPomatic: A SIP listener program that's part of LinPhone. Information is in French.
  • SIPv6 Analyzer: An analyzer for SIP and IPv6. Version 0.1.8 adds RTP Viewer Advance mode, which adds UPnP and STUN support to be able to collect the RTP stream behind an NAT.
  • VoiPong: A utility that detects all VoIP calls on a path, and for those which are G.711 encoded, dumps actual conversation to separate .wav files. It supports SIP, H323, Cisco's Skinny Client Control Protocol (SCCP), RTP and RTCP. It has been written in C language for performance reasons.
  • VoIPong ISO Bootable: Bootable Live-CD version of VoIPong.
  • VOMIT: The VOMIT utility converts a Cisco G.711 CODEC IP phone conversation into a .wav file that can be played with ordinary sound players.
  • Wireshark: Formerly known as Ethereal, Wireshark is the premier network traffic analyzer. It runs on Windows, Linux, UNIX and other platforms.
  • WIST: "Web Interface for SIP Trace," a PHP Web Interface that captures SIP traffic from a remote host (SIP proxy, gateway, etc.) and displays live SIP messages about a specific dialog (filtered by the From SIP user) to help debug SIP transactions.

Tools to change the operation of the voice transmission

  • RTP InsertSound V2.0 and V3.0: These tools take the contents of a .wav or tcpdump format file and insert the sound into an active voice conversation. V3.0 requires the libraries found at the Hacking VoIP Exposed site.
  • RTP MixSound V2.0 and V3.0: These tools take the contents of a .wav or tcpdump format file and mix the sound into an active voice conversation. V3.0 needs the libraries found at the Hacking VoIP Exposed site.
  • RTPProxy: This tool waits for incoming RTP voice packets and sends them to a selected (signaled by a tiny protocol) destination. The information is in Danish.

There are more tools to discuss. The next tip will provide tools for VoIP fuzzing, packet creation and flooding and signaling manipulation. The next tip will also include more tutorials and resources for the VoIP security staff.

About the author:
Gary Audin has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks. These have included local area, national and international networks, as well as VoIP and IP convergent networks, in the U.S., Canada, Europe, Australia and Asia.

This was first published in April 2007

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top