[VOIPSEC] VoIP vulnerabilities summarization
sukery
sukerry at 126.com
Wed Dec 14 22:43:47 CST 2005
I think the introduction of VPN IPsec will reduce system efficiency.
As to the comparison of SIP and H.323:
1. H.323, which is defined by ITU-T, tends to be a telecom application; it regards VoIP as an extension of the telecommunication field. However, SIP, which is defined by IETF, reuses many mechanisms from existing famous internet protocols, such as HTTP, SMTP, RTP, DNS...; it regards VoIP as a totally internet application. As we all know, IP meltage is now a trend, so SIP is going to gain more and more acceptance.
2. H.323 is based on binary codecs (BER, PER) and is very complex in its call control signals, while SIP is based on text and its control signals are simple. Furthermore, many existing internet protocol implementations (such as HTTP) can be used as a reference for SIP system realization.
3. SIP is much more flexible and extensible compared to H.323, because its methods, header fields and message body can be extended and added easily. H.323 is indeed not easy to extend.
4. SIP is not only a VoIP protocol; in fact, it has many more important uses besides VoIP. It is the communication protocol between softswitches and between a softswitch and an AS in the NGN network, and it is the main protocol in IMS (3G core network).
So, SIP is IP oriented, simple, extensible, flexible and broadly used. I think SIP is definitely the tendency; I will choose SIP when realizing a VoIP system.
But please note that SIP is immature compared to H.323.
>Hi Sukery
>
>I think you made a good summarization of the vulnerabilities and I agree
>with what you say.
>
>Sukery, I need your help.
>I'm from Cuba and at this moment I'm working on a project with the title "QoS
>in VoIP with security". As the title says, my problem
>is related to having a high level of QoS on real VoIP networks.
>
>For example:
>
>What happens with the QoS if I use a Firewall or VPN or NAP or IPSec on
>VoIP networks?
>
>Which is better to use on VoIP networks, SIP or H.323???
>
>I need information about these terms; if you have anything related to it,
>please send it to me.
>
>Best regards,
>Ing. Pavel González G.
>Administrador RED CECAT. CUJAE
>Telf: 2663843,2663827
>pavel at cecat.cujae.edu.cu
>
>
>----- Original Message -----
>From: "sukery" <sukerry at 126.com>
>To: <Voipsec at voipsa.org>
>Sent: Wednesday, December 14, 2005 8:40 AM
>Subject: Re: [VOIPSEC] VoIP vulnerabilities summarization
>
>
>>
>> Hi Janne:
>> Thank you for your comment, I totally agree with what you said.
>> I am a graduate student; our project is focused on VoIP security. We
>> first study the vulnerabilities of VoIP related protocols (especially
>> SIP), then define some attack scenarios according to these vulnerabilities
>> we discovered and realize all these attacks; finally we test our attack
>> system on real VoIP networks (supplied by an internationally famous VoIP
>> manufacturer). The attacks include:
>> exception-packet attack against server
>> DoS attack against server
>> disturbance call attack against endpoints
>> pseudo call attack against endpoints
>> call leaflet attack against endpoints
>> SIP password crack
>> voice eavesdropping (and maybe voice replacement and voice disturbance)
>> voice broadcast & call leaflet attack against PSTN terminals (via VoIP
>> gateway)
>> and maybe more
>>
>> I am very, very sorry to say that due to the confidentiality of this
>> project, I cannot make our attack system public yet. That is what the
>> sponsor of this project intends.
>> Anyway, I would like to discuss with you as much as possible :)
>>
>>
>>>Hi Sukery,
>>>
>>>I think you made a good summarization of the vulnerabilities and I agree
>>>with what you say.
>>>
>>>But I think several of the problems you mention can be solved by using
>>>TLS to protect the signalling and SRTP to protect the media as described
>>>in existing standards and drafts. These technologies may not be widely
>>>spread among existing implementations but they exist and your list
>>>provides some good reasons that may motivate others to follow.
>>>
>>>I'm also interested in what tool you used.
>>>
>>>Cheers
>>>/Janne
>>>
>>>> 2. SIP reuses the authentication mechanism from the HTTP protocol; in fact HTTP
>>>> authentication is totally imperfect when applied to the SIP protocol, because
>>>> it is a single-direction authentication, which means that only the server
>>>> authenticates the endpoints; the endpoints do not authenticate the
>>>> server. This situation makes it easy to deceive endpoints because they do
>>>> not authenticate any entity in the network. Pseudo call (calling someone with
>>>> a false user id) and server impersonation are dangerous attacks due to this
>>>> vulnerability.
>>>>
>>>> 3. SIP communication is based on message transactions; however, the SIP
>>>> transaction mechanism is quite complicated. For example, when a stateful
>>>> proxy server receives a SIP request message, it first computes the
>>>> transaction ID for this message. If the transaction ID did not exist
>>>> before, this request message is regarded as a new message, and the server
>>>> will do a lot of things for this new message: save this message, create a
>>>> finite state machine for this message, construct a provisional response
>>>> message and send it back, save this response message, update the finite
>>>> state machine, decide the next hop of this request message based on the
>>>> complex routing rules, transfer the request message, create one or more
>>>> client transactions for the request message... These steps surely consume
>>>> lots of CPU and memory resources. As a result, the server is susceptible
>>>> to DoS attacks when a hacker continually sends large quantities of SIP
>>>> request messages with different Call-IDs.
>>>>
>>>> 4. Unencrypted media streams such as RTP data are easy to wiretap.
>>>>
>>>> 5. Almost all VoIP software has some code flaws; in this case, even a
>>>> malicious packet may bring down the server. We call this packet an exception
>>>> packet; in fact we have found exception packets against both SIP servers
>>>> and H.323 servers.
>>>>
>>>> 6. VoIP endpoints are much more intellectualized than traditional PSTN
>>>> terminals; however, when this capability is abused, a lot of malicious
>>>> network attacks appear:
>>>> disturbance call
>>>> call leaflet
>>>> voice broadcast
>>>> and more...
>>>>
>>>>
>>>> >Chris
>>>> >
>>>> >I'm pretty heavily involved in SIP standards development, and have been
>>>> >for some time. I talk regularly with the kind of folks that I think would
>>>> >know if their stuff had been "hit". I know about plenty of attacks on the
>>>> >underlying infrastructure, including the platform attacks. I have NEVER
>>>> >heard even a whisper of an actual attack on VoIP equipment that used
>>>> >exploits specifically related to SIP (which I don't think is substantially
>>>> >better or worse than other VoIP protocols).
>>>> >_______________________________________________
>>>> >Voipsec mailing list
>>>> >Voipsec at voipsa.org
>>>> >http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
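The stateful-proxy transaction processing that sukery's point 3 describes (compute the transaction key, then allocate state for every transaction that is new) is exactly what a flood of requests carrying fresh Call-IDs and branches exhausts. As an added example, not code from this thread or from any vendor or product mentioned in it, the Python sketch below parses a SIP request, derives the transaction key the way RFC 3261 section 17.2.3 describes it, and caps how many new transactions one source may open per sliding window while letting retransmissions of known transactions through on the cheap path. All requests are constructed inline; the window length, the per-window limit and the 10.0.0.x addresses are illustrative assumptions.

```python
"""Sliding-window guard for new SIP transactions (added example, not from the thread).

Assumptions (constructed for this example): requests arrive as raw SIP text
with the originating IP known to the proxy; the transaction key follows
RFC 3261 section 17.2.3 (branch + sent-by + method) and falls back to a
Call-ID/CSeq/From/To tuple for branches without the z9hG4bK magic cookie.
"""
from collections import defaultdict, deque

MAGIC_COOKIE = "z9hG4bK"


def parse_request(raw):
    """Split a SIP request into method, Request-URI and a lower-cased header map."""
    lines = raw.replace("\r\n", "\n").split("\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():          # blank line ends the header section
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "headers": headers}


def transaction_key(req):
    """Key a stateful proxy uses to match a request to an existing transaction."""
    via_parts = [p.strip() for p in req["headers"]["via"].split(";")]
    sent_by = via_parts[0].split()[-1]          # "SIP/2.0/UDP host:port" -> host:port
    branch = next((p[7:] for p in via_parts[1:] if p.lower().startswith("branch=")), None)
    # An ACK matches the INVITE transaction it acknowledges, not an "ACK" transaction.
    method = "INVITE" if req["method"] == "ACK" else req["method"]
    if branch and branch.startswith(MAGIC_COOKIE):
        return (branch, sent_by, method)
    h = req["headers"]                          # pre-RFC 3261 style fallback
    return (h.get("call-id"), h.get("cseq"), h.get("from"), h.get("to"))


class TransactionGuard:
    """Admit retransmissions freely, but cap how many *new* transactions a
    source may open per sliding window, so a flood of requests with fresh
    Call-IDs and branches cannot make the proxy allocate state without bound."""

    def __init__(self, window_s=1.0, max_new_per_window=5):
        self.window = window_s
        self.limit = max_new_per_window
        self.seen = set()                       # keys of transactions already created
        self.recent = defaultdict(deque)        # src -> timestamps of admitted new transactions

    def admit(self, src, raw, now):
        key = transaction_key(parse_request(raw))
        if key in self.seen:
            return "retransmission"             # matches existing state: cheap path
        q = self.recent[src]
        while q and now - q[0] > self.window:   # forget timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return "rate-limited"               # refuse to allocate new transaction state
        self.seen.add(key)
        q.append(now)
        return "new-transaction"


def make_invite(call_id, branch, host="10.0.0.5:5060"):
    """Build a minimal constructed INVITE (sample input, not captured traffic)."""
    return (
        "INVITE sip:bob@example.invalid SIP/2.0\r\n"
        f"Via: SIP/2.0/UDP {host};branch={branch}\r\n"
        f"From: <sip:alice@{host}>;tag=1\r\n"
        "To: <sip:bob@example.invalid>\r\n"
        f"Call-ID: {call_id}@{host}\r\n"
        "CSeq: 1 INVITE\r\n"
        "\r\n"
    )


def run_demo():
    """One legitimate INVITE plus its retransmission, then a burst of five
    INVITEs with distinct Call-IDs and branches from a second source."""
    guard = TransactionGuard(window_s=1.0, max_new_per_window=3)
    results = [
        guard.admit("10.0.0.5", make_invite("call1", MAGIC_COOKIE + "abc"), 0.0),
        guard.admit("10.0.0.5", make_invite("call1", MAGIC_COOKIE + "abc"), 0.5),
    ]
    for i in range(5):
        raw = make_invite(f"flood{i}", f"{MAGIC_COOKIE}f{i}", host="10.0.0.9:5060")
        results.append(guard.admit("10.0.0.9", raw, 1.0 + i * 0.01))
    return results


if __name__ == "__main__":
    print(run_demo())
```

The retransmission check runs before the rate check on purpose: a legitimate endpoint retrying an INVITE over UDP must not be punished, while a source that keeps presenting never-seen keys is the one that costs the proxy memory and CPU. A real deployment would also expire entries in `seen` when transactions terminate and would key on more than the source address (for example the sent-by host behind a NAT), but the shape of the check is the same.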