Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: VoIP pentest ?

from [Ghaith Nasrawi] Network Security [Permanent Link]
Subject: Re: VoIP pentest ?
Date: Fri, 12 Nov 2004 22:26:54 -0500 
sorry for the late post, I just wanted to add that there are several
proposals for encrypted VoIP like:

http://www.faqs.org/rfcs/rfc3853.html (AES with SIP)
and there is another one for using SIP with TLS.


also, this 
http://web.mit.edu/sip/sip.edu/security.shtml
would give you some insight about what kind of threats people should
expect with VoIP deployment.




On Thu, 2004-10-28 at 15:57 -0400, Andre Ludwig wrote:

http://www.voip-info.org/wiki-Open+Source+VOIP+Software

Hope this helps you out as far as general tools, as for methodology
you would be on your own to develop that.  Get creative with the tools
on that page and you can do allot if the moon and stars are aligned
properly.  Feel free to post any and all results you come up with.


Tools and links

Sip bomber 
http://metalinkltd.com/eng/downloads/

Features:
Analyses server resposes for rfc compliance
- Incorporates CERT tests
- Supports UDP, TCP and broken TCP transports
- Automatic and manual testing modes
- Ability to create and run custom tests
- QT user interface

Best of all it's free and full source code is available. 


Vomit (converts CISCO voip convo into a wav from tcpdump file)

http://vomit.xtdnet.nl/
The vomit utility converts a Cisco IP phone conversation into a wave
file that can be played with ordinary sound players. Vomit requires a
tcpdump output file. Vomit is not a VoIP sniffer also it could be but
the naming is probably related to H.323.


Download


vomit-0.2c.tar.gz <http://vomit.xtdnet.nl/vomit-0.2c.tar.gz> -
Released 2004-01-02 (requires libdnet
<http://libdnet.sourceforge.net>)
vomit-0.2.tar.gz <http://vomit.xtdnet.nl/vomit-0.2.tar.gz> - Released
2001-12-12 (requires libnet <http://www.packetfactory.net/libnet/>)
phone.dump.gz <http://vomit.xtdnet.nl/phone.dump.gz> - sample dump
from a telephone conversation that I had at CITI
<http://www.citi.umich.edu/>.

The vomit utility is distributed under a BSD-license and completely
free for any use including commercial.

In order to build vomit, you need libevent
<http://www.monkey.org/%7Eprovos/libevent/>, a library for
asynchronous event notification and libdnet
<http://libdnet.sourceforge.net> or libnet
<http://www.packetfactory.net/libnet/>.

Example
$ vomit -r phone.dump | waveplay -S8000 -B16 -C1

Errors

Vomit works only for G.711. 

Acknowledgements

The program contains wave file interpreting code from waveplay by Y.
Sonoda, ulaw conversion code from Sun Microsystems, and some pcap code
from Dug Song. It also contains contributions by Marius A. Eriksen.




SipSak
http://sipsak.berlios.de/
Features

sending OPTIONS request
sending text files (which should contain SIP requests)
traceroute (see section 11 in RFC3261
<http://iptel.org/info/players/ietf/callsignalling/rfc3261.txt>)
user location test
flooding test
random character trashed test
interpret and react on response
authentication with qop supported
short notation supported for receiving (not for sending)
string replacement in files
can simulate calls in usrloc mode
uses symmetric signaling and thus should work behind NAT
can upload any given contact to a registrar
send messages to any SIP destination
Nagios compliant return codes
search for strings in reply with regluar expression
use multiple processes to create more server load
read SIP message from STDIN (e.g. from a pipe '|')



Andre Ludwig CISSP

On Wed, 27 Oct 2004 11:28:51 +0200, Frederic Charpentier
<fcharpen@xmcopartners.com> wrote:

Hi all,
does anyone have experiences or papers on VoIP pentest/assessment ?
Expecting classic OS/Network audits and H323/ASN.1 flaws, I can't find
any documentations or papers about flaws in VoIP architecture.

Fred.

------------------------------------------------------------------------------
Internet Security Systems. - Keeping You Ahead of the Threat

When business losses are measured in seconds, Internet threats must be 
stopped before they impact your network. To learn how Internet Security 
Systems keeps organizations ahead of the threat with preemptive intrusion 
prevention, download the new whitepaper, Defining the Rules of Preemptive 
Protection, and end your reliance on reactive security technology.

http://www.securityfocus.com/sponsor/ISS_pen-test_041001
-------------------------------------------------------------------------------



-- 


 (o_
 //\   Ghaith Nasrawi
 V_/_  


"Evil thrives when good men do nothing"
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  vlan / 802.1q pen-testing, Marcos Monge
Next by Date:  CEH, Chris Griffin
Previous by Thread:  Re: VoIP pentest ?, Andre Ludwig
Next by Thread:  Re: VoIP pentest ?, no name
Indexes:  [Date] [Thread] [Top] [All Lists]