Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Voip security

from [Marco Ivaldi] Network Security [Permanent Link]
Subject: Re: Voip security
Date: Mon, 27 Nov 2006 11:15:29 +0100 (CET) 
Hey pen-test,

On Sat, 25 Nov 2006, Mike Klingler wrote:

2) They also had the H.323 protocol available, but SiVUS doesn't support scanning of that protocol yet. Anyone know of tools, methodologies to test this protocol?

I'm currently writing the Voice over IP chapter for the next edition of the Hacking Linux Exposed book. While working on it i've developed a VoIP
testing methodology, which i'm also planning to release together with the next version of the OSSTMM (http://www.osstmm.org/).

While performing the research aimed at creating my attack taxonomy, i've evaluated several free software products to determine their effectiveness at auditing VoIP networks: unfortunately, most tested tools were found of limited usefulness inside real-life scenarios. You should therefore employ these tools with caution, not overly relying on them to properly secure a VoIP deployment.

That said, the situation is rapidly evolving and in the next months a huge growth is expected in this area. Here follows a list of the best free tools you may find useful for VoIP testing (yeah, there's not a lot of readily-available software for H.323 yet):

1) Signaling protocols implementation testing

- OpenH323 code
  http://www.openh323.org/
- PROTOS c07-H2250v4
  http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/
- SiVuS (you already know it;)
  http://www.vopsecurity.org/index.php?name=Downloads&req=viewdownload&cid=1
- PROTOS c07-SIP
  http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
- SFTF
  http://www.sipfoundry.org/sftf
- SIPsak
  http://www.sipsak.org
- Smap
  http://www.wormulon.net/index.php?/archives/1125-smap-released.html
- SIP bomber
  http://www.metalinkltd.com/downloads.php
- SIPp
  http://sipp.sourceforge.net/
- NastySIP
  
http://phoenix.labri.fr/documentation/sip/Documentation/Material/Clients/Tools/Test/NastySIP/SX%20Design.htm
- SIPNess
  http://www.ortena.com/files/Messenger.zip
- Skora.net
  http://skora.net/voip/attacks/
- Hacking VoIP Exposed tools
  http://www.hackingexposedvoip.com/sec_tools.html
- Scapy
  http://www.secdev.org/projects/scapy/

2) Signaling protocols analysis and traffic monitoring

- SIPcrack
  http://www.remote-exploit.org/index.php/Sipcrack
- SIPv6 Analyzer
  http://pcs.csie.nctu.edu.tw/~yhsung/sipv6_analyzer/
- NetDude
  http://netdude.sourceforge.net/
- Callflow
  http://callflow.sourceforge.net/
- Callplot
  http://sourceforge.net/projects/callplot
- SIP Scenario
  http://www.iptel.org/~sipsc/

3) Transport protocols implementation testing

- Ohwurm
  http://mazzoo.de/d/ohrwurm-0.1.tar.bz2

4) Transport protocols analysis and traffic monitoring

- VoIPong
  http://www.enderunix.org/voipong/
- Vomit
  http://vomit.xtdnet.nl/
- Oreka
  http://oreka.sourceforge.net/
- Wireshark
  http://www.wireshark.org/
- Cain & Abel
  http://www.oxid.it/

Hope this helps;)

--
Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Generating awareness amongst IT staff, arif . jatmoko
Next by Date:  Re: [Full-disclosure] The state of JavaScript Hacking, Martin Johns
Previous by Thread:  Fw: Voip security, Sony C
Next by Thread:  [Full-disclosure] The state of JavaScript Hacking, pdp (architect)
Indexes:  [Date] [Thread] [Top] [All Lists]