1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.
7
1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006
-
date post
22-Dec-2015 -
Category
Documents
-
view
215 -
download
0
Transcript of 1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.
1
VOIP Network Threats
Let the subscribers beware
Gerard Wilkes October 24, 2006
2
VOIP Landscape IP networks are increasingly being
used to carry voice, video, and other communication streams.
New IP voice applications will emerge encouraging the further adoption of this technology.
The combined services provide triple the attack targets and triples the risk.
3
VOIP Protocols
SIP – Call Signaling RTP – Message Transport RTCP – Control Protocol
4
VOIP Vulnerabilities
Eavesdropping – Sniffing SIP Signals Identity Spoofing – Call Redirection Identity and Toll Fraud – Stolen
Credentials Call Integrity – Altered Voice Packets DOS – Against SIP, RTP
5
Interception Attack
AttackerPING PING
Phone-APhone-B
192.168.1.100:50:56:01:01:01
192.168.1.200:50:56:01:01:02
192.168.1.500:50:56:01:01:05
192.168.1.1 00:50:56:01:01:01
192.168.1.200:50:56:01:01:02
192.168.1.1 192.168.1.2
ARP Spoof
To get to 192.168.1.2 useMAC 00:50:56:01:01:05
ARP Spoof
To get to 192.168.1.1 useMAC 00:50:56:01:01:05
ARP Spoofing on Switched LAN
6
Interception Attack
AttackerPhone-APhone-B
192.168.1.100:50:56:01:01:01
192.168.1.200:50:56:01:01:02
192.168.1.500:50:56:01:01:05
Call Interception
SIP INVITE to Phone-B Forward SIP INVITE
to Phone-B
SIP Response to Phone-A
Forward SIP Response to Phone-A
Conversation
RTP (UDP) RTP (UDP)
7
Interception Attack
Attacker
Conversation
