Abstract- VoIP is a technology that provides many benefits and cost-effective methods for better communication. Nowadays, more and more small businesses and enterprises are substituting their old conventional PSTNs with IP-based ones. A VoIP-based PBX can provide many features, such as multiple extensions, caller ID, voice mail, IVR capabilities, recording, logging, and use with hardware-based or software-based telephones. There are many vendors on the market for PBXs, IP telephones, VoIP services and equipment, such as CISCO, AVAYA and ASTERISK, SNOM, THOMSON etc. With the evolution of technology comes a new challenge for both the defensive and offensive sides of security. One of the great disadvantages of traditional phone communication was that it was prone to eavesdropping. This could be achieved by physically connecting a small transmitter somewhere along the phone cord, either inside or outside the premises. In this paper we cover the following attack vectors: the scanning phase, the sniffing phase and finally a spoofing demo.

Keywords- Penetration Testing, VOIP, Spoofing.
I. INTRODUCTION

Among Web-based applications, few hold more promise than Voice over IP (VoIP). VoIP allows businesses and consumers alike to save enormous amounts of money on their phone bills by making phone calls over the Internet. As great as this technology is, though, it does have its disadvantages. To expose those vulnerabilities we make use of penetration testing. There are several ways of implementing IP-based telephony; some common topologies and usages are shown below:

Self Hosted: A PBX (e.g. Asterisk) is installed at the client site and connected to an ISP or telephony service provider PSTN via a SIP Trunk/PRI; the VoIP traffic flows through a dedicated VLAN.

Hosted Services: Just a switch, a router, IP phones and a connection to the service provider PBX via an Internet or IP/VPN connection; each phone is configured with SIP account information. There is no requirement for a PBX on site.

Online SIP Service: Services like sipme.me provide an application for PCs or smartphones with a free SIP account. They offer low prices for international calls as well as free calls between service users, assigning a phone number to each subscriber individually.

The role of SIP (Session Initiation Protocol) is to establish, end or modify a voice or video call, where the voice and/or video traffic is carried by a protocol such as RTP (Real-time Transport Protocol). SIP is an application-layer protocol that uses UDP for transport (TCP and SCTP can be used as well).
IJSRET @ 2013
    -D : SIP domain to use without leading sip:
    -w : timeout in msec

    root@bt:/pentest/voip/smap# ./smap 192.168.1.128
    smap 0.6.0 http://www.websitename.net/
    192.168.1.128: ICMP reachable, SIP enabled
    1 host scanned, 1 ICMP reachable, 1 SIP enabled (100.0%)

To scan a range of IP addresses, use the following command:

    root@bt:/pentest/voip/smap# ./smap 192.168.1.*
    smap 0.6.0 http:// <webaddress>
    192.168.1.20: ICMP reachable, SIP enabled
    192.168.1.22: ICMP reachable, SIP enabled
    192.168.1.0: ICMP unreachable, SIP disabled
    192.168.1.1: ICMP unreachable, SIP disabled
    192.168.1.2: ICMP unreachable, SIP disabled
    192.168.1.3: ICMP unreachable, SIP disabled
    ----EDIT--
    192.168.1.250: ICMP unreachable, SIP disabled
    192.168.1.251: ICMP unreachable, SIP disabled
    192.168.1.252: ICMP unreachable, SIP disabled
    192.168.1.253: ICMP unreachable, SIP disabled
    192.168.1.254: ICMP unreachable, SIP disabled
    192.168.1.255: ICMP unreachable, SIP disabled
    256 hosts scanned, 7 ICMP reachable, 2 SIP enabled (0.8%)

Having identified the SIP-enabled hosts, we can now use SMAP to fingerprint the server/client type and version, as shown in the following command:

    root@bt:/pentest/voip/smap# ./smap -O 192.168.1.128
    smap 0.6.0 http:// <webaddress>
    192.168.1.128: ICMP reachable, SIP enabled
    best guess (70% sure) fingerprint:
    Asterisk PBX SVN-trunk-r56579
    User-Agent: Asterisk PBX
    1 host scanned, 1 ICMP reachable, 1 SIP enabled (100.0%)
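The -O output above includes the User-Agent banner the server returns. As an added example (not part of the original paper), the following Python code audits a captured SIP message for banner headers that disclose a product or version; the sample messages, the ExamplePBX name and the version pattern are constructed assumptions, and removing the banner does not by itself prevent behaviour-based fingerprinting.

```python
import re

BANNER_HEADERS = ("server", "user-agent")
# Assumed pattern for a version or build token: 1.8.2, r56579, SVN-trunk-r56579
VERSION_RE = re.compile(r"\b(?:\d+\.\d+[\w.\-]*|(?:[\w\-]*-)?r\d{3,})\b", re.I)

# Constructed sample responses (not captured from a real system).
SAMPLE_PLAIN = ("SIP/2.0 200 OK\r\n"
                "Via: SIP/2.0/UDP 192.168.1.20:5060\r\n"
                "user-agent: Asterisk PBX\r\n"
                "Content-Length: 0\r\n\r\n")
SAMPLE_FOLDED = ("SIP/2.0 200 OK\r\n"
                 "Server: ExamplePBX\r\n"
                 " 1.8.2\r\n"             # folded continuation of Server
                 "Content-Length: 0\r\n\r\n")

def parse_sip_headers(raw):
    """Return (start_line, {lowercased header name: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]    # ignore any message body
    lines = head.split("\r\n")
    start_line, headers, last = lines[0], {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last:   # folded continuation line
            headers[last][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue                      # not a header line, skip it
        last = name.strip().lower()       # header names are case-insensitive
        headers.setdefault(last, []).append(value.strip())
    return start_line, headers

def banner_findings(raw):
    """List (header, value, version_token_or_None) for each banner header."""
    _, headers = parse_sip_headers(raw)
    findings = []
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            match = VERSION_RE.search(value)
            findings.append((name, value, match.group(0) if match else None))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_FOLDED):
        for name, value, version in banner_findings(sample):
            print(f"{name}: {value!r} version token: {version}")
```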
in case we can invoke it from anywhere by typing: arpspoof. Before using arpspoof we need to enable IP forwarding using the following command:

    root@bt:~# echo 1 > /proc/sys/net/ipv4/ip_forward

Arpspoof syntax:

    root@bt:~# arpspoof
    Version: 2.4
    Usage: arpspoof [-i interface] [-t target] host

For a successful MITM attack we need to spoof in both directions:

    arpspoof -t victim gateway
    arpspoof -t gateway victim
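The two-way spoof described above leaves a recognisable trace on the wire: the gateway's and the victim's IP addresses both start resolving to the same new MAC address. As an added example (not part of the original paper), the following Python code flags that pattern in ARP replies; the tcpdump-style log lines and MAC addresses are constructed, and treating the first MAC seen for an IP as the trusted baseline is an assumption.

```python
import re
from collections import defaultdict

# tcpdump-style ARP reply: "<time> ARP, Reply <ip> is-at <mac>, length 28"
REPLY_RE = re.compile(r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)

# Constructed sample capture (addresses are illustrative only).
SAMPLE = [
    "10:00:01.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28",
    "10:00:02.000 ARP, Reply 192.168.1.128 is-at 00:11:22:33:44:80, length 28",
    "10:00:09.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:66, length 28",
    "10:00:09.100 ARP, Reply 192.168.1.128 is-at 00:11:22:33:44:66, length 28",
    "10:00:11.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:66, length 28",
]

def detect_arp_poisoning(lines, gateway_ip):
    """Return alerts for IP-to-MAC rebinding and for a MAC that answers
    for the gateway as well as for other hosts."""
    first_mac = {}                   # ip -> first MAC seen (assumed baseline)
    ips_by_mac = defaultdict(set)    # mac -> every IP it has claimed
    alerts = []
    for line in lines:
        m = REPLY_RE.search(line)
        if not m:
            continue                 # not an ARP reply line
        ip, mac = m.group(1), m.group(2).lower()
        known = first_mac.setdefault(ip, mac)
        alert = ("rebind", ip, known, mac)
        if mac != known and alert not in alerts:
            alerts.append(alert)     # report each changed binding once
        ips_by_mac[mac].add(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        # A proxy-ARP router can legitimately trigger this; check before acting.
        if gateway_ip in ips and len(ips) > 1:
            alerts.append(("mitm", mac, tuple(sorted(ips))))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE, "192.168.1.1"):
        print(alert)
```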
V. CONCLUSION AND FUTURE SCOPE
Another issue is that, unlike a traditional phone, a VoIP system (computer or VoIP phone based) is unusable during a power outage. A traditional phone can function even during a power outage because the phone company transmits electricity over the phone line. This electricity is used to power the phone (cordless phones being the exception). So even if the power goes out, the phone will usually still work because the phone's power is coming from a different source. Eavesdropping is the act of secretly listening to the private conversation of others without their permission, as defined by Black's Law Dictionary. VoIP communications software is also vulnerable to electronic eavesdropping via malware infections such as trojans. Caller ID is spoofed through a variety of methods and technologies. The most popular ways of spoofing Caller ID are through the use of VoIP or PRI lines, as discussed in this paper.