Scanning The Intertubes For Voip
-
Upload
sandrogauci -
Category
Documents
-
view
1.107 -
download
0
Transcript of Scanning The Intertubes For Voip
![Page 1: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/1.jpg)
Con!dence 2009
ENABLESECURITY
Scanning the Intertubes for VOIPTelephony exposed on the ‘net
![Page 2: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/2.jpg)
Con!dence 2009
ENABLESECURITY
whoami
• EnableSecurity
• 9 years old
• SIPVicious and VOIPPACK (for CANVAS)
• Surfjack, Extended HTML Form attack
![Page 3: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/3.jpg)
Con!dence 2009
ENABLESECURITY
next few minutes
• Brief intro to how VoIP is being abused
• Scanning for VoIP systems
• How to fingerprint VoIP systems
• Possibilities for abuse
![Page 4: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/4.jpg)
Con!dence 2009
ENABLESECURITY
VoIP Scanning
• SIP
• IAX2
• H.323
• SCCP
![Page 5: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/5.jpg)
Con!dence 2009
ENABLESECURITY
A primer on SIP
• Text based just like HTTP
• UDP port 5060
• INVITE gets things to buzz and ring
• REGISTER sends phone calls your way
• OPTIONS gives you supported options
![Page 6: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/6.jpg)
Con!dence 2009
ENABLESECURITY
A primer on IAX2
• Binary protocol running on port 4569
• POKE is like ping
• PONG is like er.. pong
• REGREQ is like REGISTER
• REGREJ stands for registration rejected
![Page 7: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/7.jpg)
Con!dence 2009
ENABLESECURITY
VoIP and Cybercrime
• Scans for SIP are on the rise
• News of fraud
• What is happening in the background?
• What tools are they using?
![Page 8: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/8.jpg)
Con!dence 2009
ENABLESECURITY
Scans
OPTIONS sip:[email protected] SIP/2.0Via: SIP/2.0/UDP 0.0.0.0:1498;branch=BCEA2F83-1CEF-FC6A-2989-54C18CE6425E;rportMax-Forwards: 70To: <sip:[email protected]>From: <sip:[email protected]>;tag=723535DC-E71F-E3D4-D572-2B41E58782E8Call-ID: 4203F1B5-3E1F-E6D6-32FF-B8C2DFAA190FCSeq: 1 OPTIONSContact: <sip:@0.0.0.0:1498;transport=udp>Accept: application/sdpContent-Length: 0
![Page 9: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/9.jpg)
Con!dence 2009
ENABLESECURITY
Honeypot
• Some python code put together
• Replies to requests and acts like a registrar
![Page 10: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/10.jpg)
Con!dence 2009
ENABLESECURITY
demo
![Page 11: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/11.jpg)
Con!dence 2009
ENABLESECURITY
SIP Scanning
• OPTIONS is ideal for this
• REGISTER adds value :-)
• Tell between a registrar and an endpoint
![Page 12: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/12.jpg)
Con!dence 2009
ENABLESECURITY
OPTIONS scan
scannerSIP
Registrar
OPTIONS
200 OK
![Page 13: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/13.jpg)
Con!dence 2009
ENABLESECURITY
![Page 14: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/14.jpg)
Con!dence 2009
ENABLESECURITY
Scanning IAX2
scannerAsterisk
Box
POKE
PONG
![Page 15: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/15.jpg)
Con!dence 2009
ENABLESECURITY
![Page 16: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/16.jpg)
Con!dence 2009
ENABLESECURITY
Headers of interest
SIP/2.0 404 Not found Via: SIP/2.0/UDP 1.1.1.1:5061;branch=z9hG4bK-59472;received=1.1.1.1;rport=5061 From: "test" <sip:[email protected]:5060>;tag=d5a5bd3213c46cdd060c To: "test" <sip:[email protected]:5060>;tag=as05610bff Call-ID: 37012f88-24ac-44aa-ac45-2e6a05421e7d CSeq: 1 REGISTER User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Content-Length: 0
![Page 17: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/17.jpg)
Con!dence 2009
ENABLESECURITY
Modified User-agent
SIP/2.0 404 Not found Via: SIP/2.0/UDP 1.1.1.1:5061;branch=z9hG4bK-59472;received=1.1.1.1;rport=5061 From: "test" <sip:[email protected]:5060>;tag=d5a5bd3213c46cdd060c To: "test" <sip:[email protected]:5060>;tag=as05610bff Call-ID: 37012f88-24ac-44aa-ac45-2e6a05421e7d CSeq: 1 REGISTER User-Agent: MyVeryOwn PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Content-Length: 0
![Page 18: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/18.jpg)
Con!dence 2009
ENABLESECURITY
Give away
SIP/2.0 404 Not found Via: SIP/2.0/UDP 1.1.1.1:5061;branch=z9hG4bK-59472;received=1.1.1.1;rport=5061 From: "test" <sip:[email protected]:5060>;tag=d5a5bd3213c46cdd060c To: "test" <sip:[email protected]:5060>;tag=as05610bff Call-ID: 37012f88-24ac-44aa-ac45-2e6a05421e7d CSeq: 1 REGISTER User-Agent: MyVeryOwn PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Content-Length: 0
![Page 19: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/19.jpg)
Con!dence 2009
ENABLESECURITY
Give away
SIP/2.0 404 Not found Via: SIP/2.0/UDP 1.1.1.1:5061;branch=z9hG4bK-59472;received=1.1.1.1;rport=5061 From: "test" <sip:[email protected]:5060>;tag=d5a5bd3213c46cdd060c To: "test" <sip:[email protected]:5060>;tag=as05610bff Call-ID: 37012f88-24ac-44aa-ac45-2e6a05421e7d CSeq: 1 REGISTER User-Agent: MyVeryOwn PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Content-Length: 0
![Page 20: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/20.jpg)
Con!dence 2009
ENABLESECURITY
Fingerprinting To Tag
Sipura / Linksys SPA [a-fA-F0-9]{16}i0
Cisco VoIP Gateway [a-fA-F0-9]{6,8}-[a-fA-F0-9]{2,4}
AVM FRITZ!Box [a-fA-F0-9]{16,29}
![Page 21: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/21.jpg)
Con!dence 2009
ENABLESECURITY
Order of headers
SIP/2.0 200 OKVia: SIP/2.0/UDP 3.2.1.9:5061;branch=z9hG4bK-24832;rport;received=3.2.1.9From: "hello" <sip:[email protected]:5060>;tag=d90a4f2313c4cc438e14To: "hello" <sip:[email protected]:5060>;tag=as00ea0c68Call-ID: 6a53b3b9-3c0b-47d3-9e7f-b024ffe74663CSeq: 1 OPTIONSUser-Agent: xxx voicemailAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFYContact: <sip:1.2.3.35>Accept: application/sdpContent-Length: 0
![Page 22: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/22.jpg)
Con!dence 2009
ENABLESECURITY
SIP/2.0 404 Not FoundVia: SIP/2.0/UDP 3.2.1.9:5061;branch=z9hG4bK-59202;received=3.2.1.9;rport=5061From: "hello" <sip:[email protected]:5060>;tag=d90a4f8a13c4d8bf89f5To: "hello" <sip:[email protected]:5060>;tag=as263e3393Call-ID: 6a53b3b9-3c0b-47d3-9e7f-b024ffe74663CSeq: 1 OPTIONSUser-Agent: xxx asteriskAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFYSupported: replacesAccept: application/sdpContent-Length: 0
Order of headers
![Page 23: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/23.jpg)
Con!dence 2009
ENABLESECURITY
Order of headers
SIP/2.0 200 OKVia: SIP/2.0/UDP 3.2.1.9:5061;branch=z9hG4bK-24832;rport;received=3.2.1.9From: "hello" <sip:[email protected]:5060>;tag=d90a4f2313c4cc438e14To: "hello" <sip:[email protected]:5060>;tag=as00ea0c68Call-ID: 6a53b3b9-3c0b-47d3-9e7f-b024ffe74663CSeq: 1 OPTIONSUser-Agent: sipgate voicemailAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFYContact: <sip:1.2.3.35>Accept: application/sdpContent-Length: 0
SIP/2.0 404 Not FoundVia: SIP/2.0/UDP 3.2.1.9:5061;branch=z9hG4bK-59202;received=3.2.1.9;rport=5061From: "hello" <sip:[email protected]:5060>;tag=d90a4f8a13c4d8bf89f5To: "hello" <sip:[email protected]:5060>;tag=as263e3393Call-ID: 6a53b3b9-3c0b-47d3-9e7f-b024ffe74663CSeq: 1 OPTIONSUser-Agent: sipbox asteriskAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFYSupported: replacesAccept: application/sdpContent-Length: 0
![Page 24: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/24.jpg)
Con!dence 2009
ENABLESECURITY
Order of headers
SIP/2.0 200 OKVia: SIP/2.0/UDP 3.2.1.9:5061;branch=z9hG4bK-24832;rport;received=3.2.1.9From: "hello" <sip:[email protected]:5060>;tag=d90a4f2313c4cc438e14To: "hello" <sip:[email protected]:5060>;tag=as00ea0c68Call-ID: 6a53b3b9-3c0b-47d3-9e7f-b024ffe74663CSeq: 1 OPTIONSUser-Agent: sipgate voicemailAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFYContact: <sip:1.2.3.35>Accept: application/sdpContent-Length: 0
SIP/2.0 401 UnauthorizedVia: SIP/2.0/UDP 3.2.1.9:5061;branch=z9hG4bK-57276;rport=5061From: "hello" <sip:[email protected]:5060>;tag=d90a4f2813c40c17866cTo: "hello" <sip:[email protected]:5060>;tag=cfbe3ffc7182a98821d890d5d753dab6.dd37Cseq: 1 REGISTERCall-id: 6a53b3b9-3c0b-47d3-9e7f-b024ffe74663WWW-Authenticate: Digest realm="sipgate.at", nonce=" "Content-Length: 0
![Page 25: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/25.jpg)
Con!dence 2009
ENABLESECURITY
Case for header names
SIP/2.0 200 OKVia: SIP/2.0/UDP 3.2.1.9:5061;branch=z9hG4bK-24832;rport;received=3.2.1.9From: "hello" <sip:[email protected]:5060>;tag=d90a4f2313c4cc438e14To: "hello" <sip:[email protected]:5060>;tag=as00ea0c68Call-ID: 6a53b3b9-3c0b-47d3-9e7f-b024ffe74663CSeq: 1 OPTIONSUser-Agent: sipgate voicemailAllow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFYContact: <sip:1.2.3.35>Accept: application/sdpContent-Length: 0
SIP/2.0 401 UnauthorizedVia: SIP/2.0/UDP 3.2.1.9:5061;branch=z9hG4bK-57276;rport=5061From: "hello" <sip:[email protected]:5060>;tag=d90a4f2813c40c17866cTo: "hello" <sip:[email protected]:5060>;tag=cfbe3ffc7182a98821d890d5d753dab6.dd37Cseq: 1 REGISTERCall-id: 6a53b3b9-3c0b-47d3-9e7f-b024ffe74663WWW-Authenticate: Digest realm="sipgate.at", nonce=" "Content-Length: 0
![Page 26: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/26.jpg)
Con!dence 2009
ENABLESECURITY
Fingerprinting
• Just one packet needed
• To tag
• Headers
• Community effort
![Page 27: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/27.jpg)
Con!dence 2009
ENABLESECURITY
Community effort
• SIPVicious 0.2.3
• Included svlearnfp.py
• Generated regular expressions for to tags
• Generated hashes describing headers
• SIPVicious 2.0 ...
![Page 28: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/28.jpg)
Con!dence 2009
ENABLESECURITY
Interesting facts
• Random scans work pretty well
• ADSL etc FRITZ!Box, Speedtouch
• Asterisk
• Cisco Gateways
![Page 29: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/29.jpg)
Con!dence 2009
ENABLESECURITY
demo
![Page 30: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/30.jpg)
Con!dence 2009
ENABLESECURITY
Introducing REGISTER
• Binds an extension to an IP and port
• Normally requires authentication
• If no password is set it binds without auth
![Page 31: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/31.jpg)
Con!dence 2009
ENABLESECURITY
More interesting facts
• The REGISTER scan
• Dangerous
• Useful for cheap honeypots :-)
![Page 32: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/32.jpg)
Con!dence 2009
ENABLESECURITY
Enumeration of extensions
• Response to a REGISTER for non-existent extension
• A different response indicates that the extension exists
• If the extension has no password it sends a 200 OK
• Otherwise asks for authentication
![Page 33: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/33.jpg)
Con!dence 2009
ENABLESECURITY
*REGISTER 100
REGISTER 101
REGISTER 102
![Page 34: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/34.jpg)
Con!dence 2009
ENABLESECURITY
*404 Not found
200 OK
401 Auth required
![Page 35: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/35.jpg)
Con!dence 2009
ENABLESECURITY
demo
![Page 36: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/36.jpg)
Con!dence 2009
ENABLESECURITY
DDoS using IAX2?
:-) *ACK
ACKREGREJ
REGREQ
![Page 37: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/37.jpg)
Con!dence 2009
ENABLESECURITY
DDoS using IAX2?
}:-) *ACK
REGREJ
REGREQ
![Page 38: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/38.jpg)
Con!dence 2009
ENABLESECURITY
DDoS using IAX2?
}:-) *ACK
REGREJREGREJ
REGREQ
![Page 39: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/39.jpg)
Con!dence 2009
ENABLESECURITY
DDoS using IAX2?
}:-) *REGREQ
ACK
REGREJREGREJ
REGREJ
![Page 40: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/40.jpg)
Con!dence 2009
ENABLESECURITY
DDoS using IAX2?}:-)
*
REGREQ
ACK
REGREJREGREJ
REGREJ
:-/
![Page 41: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/41.jpg)
Con!dence 2009
ENABLESECURITY
DDoS using IAX2?
}:-)
*********:-o
![Page 42: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/42.jpg)
Con!dence 2009
ENABLESECURITY
DDoS using IAX2?
}:-)
*:’-(
********
![Page 43: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/43.jpg)
Con!dence 2009
ENABLESECURITY
![Page 44: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/44.jpg)
Con!dence 2009
ENABLESECURITY
SIP Digest Auth
• REGISTER usually gets a 401 Unauthorized
• INVITE gets a 407 Proxy Authentication
• Challenge response mechanism
• Takes various properties + password
• Nonce, Method, URI
![Page 45: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/45.jpg)
Con!dence 2009
ENABLESECURITY
Digest Leak
INVITE
200 OK
![Page 46: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/46.jpg)
Con!dence 2009
ENABLESECURITY
Digest Leak
BYE
407 Challenge
![Page 47: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/47.jpg)
Con!dence 2009
ENABLESECURITY
demo
![Page 48: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/48.jpg)
Con!dence 2009
ENABLESECURITY
Vulnerable endpoints
• X-lite
• Gizmo5
• Zoiper
![Page 49: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/49.jpg)
Con!dence 2009
ENABLESECURITY
Vulnerable endpoints
• Cisco 7940
• Grandstream GXP*
• Patton Smartlink
• Linksys SPA942
• Fritzbox
![Page 50: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/50.jpg)
Con!dence 2009
ENABLESECURITY
But ...
• There’s no SIP Phones on the ‘net!
• There are ;-)
• The ‘net is full of Fritzbox
• Internal endpoints behind NAT
![Page 51: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/51.jpg)
Con!dence 2009
ENABLESECURITY
More at..
• EnableSecurity.com/research
• Sipvicious.org
• VOIPSA.org
![Page 52: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/52.jpg)
Con!dence 2009
ENABLESECURITY
Shoutouts!
• Sjur at usken.no
• dudes from .mt =)
![Page 53: Scanning The Intertubes For Voip](https://reader036.fdocuments.net/reader036/viewer/2022062514/55a5f6171a28ab3a7a8b46b8/html5/thumbnails/53.jpg)
Con!dence 2009
ENABLESECURITY
Q.A