

Showing posts from August, 2011

VoIP Eavesdropping: Counter Measurements

As we have seen in the last two posts, SIP (Session Initiation Protocol) is easy to sniff because it is transmitted unencrypted over the net. There are some solutions to this, but they are not definitive. The next picture shows a very basic diagram of a VoIP infrastructure, which I will use throughout this post. At this point we should understand that SIP is used for creating, modifying and terminating sessions, that these sessions are formed of one or several media streams, and that they occur between clients, leaving the SIP proxy aside.

Figure: Basic VoIP network infrastructure

We have two main options for avoiding eavesdropping attacks: encryption or network separation.

Network separation

It is too difficult to obtain the resources needed to physically separate the VoIP network from the organization's data network. The common solution is to use managed switches and set up different VLANs (Virtual Local Area Networks). But this is only applicable inside your LAN and there are

VoIP Eavesdropping: UCSniff (II)

To start this second article I'll dig a little deeper into VoIP eavesdropping techniques. There are different classifications around the net, but I'm going to use the one from the book "Hacking Exposed VoIP" (I strongly recommend it) because it is, in my opinion, the most complete. According to it, we define four categories for these attacks:

TFTP Configuration File Sniffing

IP phones often obtain their configuration parameters from a TFTP server; you can get an idea by imagining something similar to the DHCP protocol, but at the application layer of course. In this case an attacker could obtain some passwords by sniffing them or downloading them directly from the ftp server, and could even reconfigure the phone. In fact I have a fun idea in mind for another POC, but we are waiting for someone to lend us a proper phone :).

Number Harvesting

The attacker monitors all calls in order to obtain legitimate numbers and extensions of a system which will be used combined with other at

VoIP Eavesdropping: UCSniff (I)

After a long time without writing, for various reasons, I'm going to begin a series of articles covering different types of attacks against the components of a common VoIP (Voice over Internet Protocol) infrastructure and how to stop them. If you are just starting out in the world of VoIP, I recommend reading Building Telephony Systems with OpenSIPS 1.6, where the authors go through the basic theoretical and practical skills needed to implement a complete system.

This time, I will start with the VoIP eavesdropping attack. As the name suggests, it consists of listening to a conversation without the speakers' consent. This attack existed in traditional telephony systems and nowadays is also possible against VoIP ones (and other protocols too, for example Bluetooth). As you can imagine, we are facing a classic sniffing attack so, first of all, we need to gain access. Any of the techniques you know are ok, moreover, there are another specific ways for this kind of systems of