Problem solve Get help with specific problems with your technologies, process and projects.

Employ fuzzing to test VoIP security

A quick look at the vulnerabilities of VoIP protocols and a method of testing SIP and H.323.

Voice over IP security is a popular topic lately, and there is good reason for concern. VoIP is becoming more and more popular and the more widely used it becomes, the more of a target it will be to those interested in wrongdoing.

There are many attack vectors when it comes to VoIP. It relies on the IP infrastructure so any attack that targets a network can be a potential hazard for VoIP. There is concern regarding VoIP components like the OS a soft-phone is running on or the firmware of a device. There are configuration concerns like devices with exposed TCP and UDP ports. There are the aforementioned IP infrastructure attacks in the form of DoS attacks or SYN flooding. Eventually, no matter what the specific attack, there is a good chance that the attacker is exploiting a weakness in the VoIP protocol that is being used.

The two most popular protocols are SIP and H.323. Each of these has their pluses and minuses in terms of security and overall effectiveness.

First let's take a look at SIP. SIP is easier to use since it uses textual encoding like HTTP. It's extensible and it can be paired with other protocols. As far as security goes, textual coding makes debugging easier, but it also makes spoofing easier. Since it is a relatively simple protocol, there is less chance of coding errors. Its open nature does create some concern, as easily integrated and extensible protocols can have more implementation errors.

What about H.323? H.323 uses a binary encoding, which makes it difficult to debug and subject to buffer overflow attacks. Its complexity can also lead to implementation errors. It is not very extensible which actually helps the security-wise and it has a monolithic architecture, which means it does not need to borrow functionality from other protocols.

As you can see, each protocol has its pros and cons. Regardless of the protocol your VoIP implementation is using there are some ways you can test the security of these protocols.

One way to test your implementation protocols is with fuzzing. Fuzzing, or functional protocol testing, is a good way to find bugs and vulnerabilities. Fuzzing works by creating different packets for a given protocol and injecting the packets with data that will test the limits of the protocol. The packets are sent to a device, app or OS and the results are observed.

The PROTOS group at the University of Oulu in Finland is responsible for identifying a number of protocol weaknesses. They've published papers that describe methods for testing SIP and H.323.

The more widespread VoIP becomes the more it will come under attack. By taking some initiative now and testing your VoIP implementation, you might be able to prevent a failure in the future.

Benjamin Vigil is a Technical Editor with

This was last published in March 2005

Dig Deeper on VoIP QoS and Performance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.