[VOIPSEC] Fuzzing - VoIP Testing

Tom Cross cross at gocross.com
Sun May 22 19:48:29 CDT 2005 

Colleagues 

These are animated tutorials to help educate the general public about VoIP.

 TECHtionary.com TECH-TIP VoIP Testing Is About "Fuzzing"
An animated tutorial is available at
<http://danbaldwin.bm23.com/x/trackclick.php?id=1117128_20838f91_62545&url=h
ttp://www.techtionary.com> www.techtionary.com

Before and after installation a VoIP system various tests should be
completed.  In addition, there are certainly other tests such as functional
protocol testing called fuzzing that should also be completed.  While there
are examples of security attacks such as DOS, IP-Sec and others located
throughout TECHtionary, in this TECH-Tip here are two animated examples of
how VoIP attacks can occur.  One is MIM-Man-In-the-Middle attack.  Another
example is a SIP attack.  In other words, since SIP is a common set of
communications protocols attacks or intercepts will be prevalent.

More Details Covered in the Tutorial

Here are some of the kinds of attacks that your VoIP system should be
designed and tested to protect against:

*	Toll Fraud - the IP version of the classic attack by a person
impersonating an employee or Console Cracking (asking the operator for an
outside trunk) to make long distance calls.  However, the attacker
impersonates a valid user and IP address by plugging in their phone or
spoofing the MAC ethernet address. 
*	Eavesdropping - the attacker sniffs (taps into the LAN wireline or
WiFi connection) to intercept voice messages.  Easily available programs
such as VOMIT-Voice Over Misconfigured Internet Telephony perform this
function. 
*	Call Hijacking - attacker spoofs a SIP Response redirecting the
caller to a rogue SIP address and intercept the call. 
*	Resource Exhaustion AKA-Also Known As DOS-Denial Of Service attack.
This attack reduces the number of available IP addresses, bandwidth,
processor memory and other router/server functions. 
*	Message Integrity - MIM-Man-In-the-Middle attack to intercept, alter
or redirect call. 
*	Message Type attacks - attacker bombards (repetitive) SIP server
with BYE or CANCEL messages or ICMP-Internet Message Control Protocol "port
unreachable" messages. 

Part 2 will explain various types of VoIP systems and different security
formats.   In Part 2, there are detailed animations on:

*	Proxy/Gateway/SBC-Session Border Controllers In/Outside the Firewall

*	Proxy/Gateway in Co-Edge Mode 
*	Proxy/Gateway Outside the Firewall 

This tutorial will review these formats and risks associated with them.  For
example, when a firewall provides NAT between an internal and an external
network, proxies may allow VoIP traffic to be processed properly, even in
the absence of a firewall that can translate addresses for VoIP traffic.
Since VoIP is not the only type of data traffic and since each customer
situation is completely different, guidance from the VoIP/IT designer is
essential.

 

 

Thomas B. Cross

TECHtionary -  <http://www.techtionary.com/> www.techtionary.com

Web Hosting Editors' Choice Award Winner for Best Technical Help

More information about the Voipsec mailing list