Flylib.com

Books Software

 
 
 

Category list


Similar pages

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions - page 37


Buy on amazon.com >>
Endler D. Collier M.
    << Previous page
    Table of contents
    Next page >>

    Summary

    As you can see, there are a plethora of different types of DoS and DDoS attacks that can cripple your VoIP environment. Hopefully, we were able to bring home the point that a holistic view of security is required to secure your VoIP applications from these attacks. You not only need to protect your VoIP devices and servers, but also the entire data network and supporting infrastructure.

    References

    • Cisco Systems. "Quality of Service for Voice over IP." http://www.cisco.com/en/US/tech/tk652/tk698/technologies_white_paper09186a00800d6b73.shtml

    • http://www.lurhq.com/dnscache.pdf

    • http://www.voip- info .org/wiki-QoS

    • http://www.voiptroubleshooter.com/indepth/jittersources.html

    • SYN floods. http://www.cert.org/advisories/CA-1996-21.html

    • UDP flooding. http://www.cert.org/advisories/CA-1996-01.html

    • Yee-Ting Li. http://www.hep.ucl.ac.uk/~ytl/qos/index.html

    Chapter 5: VoIP Network Eavesdropping

    Get a good night's sleep and don't bug anybody without asking me.
    Richard M. Nixon

    Throughout history, people have sought to safeguard the privacy of their communications. One of the better known examples comes from Julius Caesar, who invented a rudimentary shifting cipher (known as the Caesar Cipher ) to encode military communications sent to his army via messenger. Since Julius Caesar's age, the field of cryptography has advanced substantially to support almost any form of communication, including VoIP.

    As VoIP is simply just another data application, there are a variety of ways to safeguard one's privacy along the various OSI layers. Unfortunately, there are also a variety of ways that an attacker can compromise the privacy of your VoIP conversations by targeting each of those layers . And with the appropriate access to the right point in your network, an attacker can perform a variety of attacks beyond simply listening to your conversations.

    VoIP Privacy: What's at Risk

    The four major network eavesdropping attacks that we will cover in this chapter include TFTP configuration file sniffing, number harvesting , call pattern tracking, and conversation eavesdropping. Each of these attacks requires that an attacker gain access to some part of your network where active VoIP traffic ( bootup , signaling, media, and so on) is flowing . This access can be obtained anywhere from VoIP endpoints (PC host with softphone or phone) to switch access to VoIP proxy/gateways to the Session Border Controller. To gain this type of access, there are a variety of tools and techniques that attackers can leverage.

    We have largely left physical layer attacks out of this chapter. Not to be dismissive, but if any of the components of your VoIP network fall into the wrong hands, there are many ways for an attacker to assume administrative control over it. For a great example of what is possible with a Cisco phone, check out Ofir Arkin's paper, "The Trivial Cisco IP Phones Compromise" at http://www.sys-security.com/archive/papers/The_Trivial_Cisco_IP_Phones_Compromise.pdf.

    Let's first define the four attacks we just outlined before describing the different ways they can be performed.

    TFTP Configuration File Sniffing

    As you learned in Chapters 2 and 3, most IP phones rely on a TFTP server to download their configuration file after powering on. The configuration file often contains passwords that can be used to connect back directly to the phone (in other words, telnet, the web interface, and so on) and administer it. An attacker who is sniffing the wire when the phone downloads this file can glean these passwords and potentially reconfigure and control the IP phone.

    Number Harvesting

    Number harvesting describes an attacker passively monitoring all incoming and outgoing calls in order to build a database of legitimate phone numbers or extensions within an organization. This type of database can be used in more advanced VoIP attacks such as signaling manipulation (covered in Chapter 13) or SPIT attacks (covered in Chapter 14).

    Call Pattern Tracking

    Call pattern tracking goes one step further than number harvesting to determine who someone is talking to, even when their actual conversation is encrypted. This has obvious benefits to law enforcement if they can determine any potential accomplices or fellow criminal conspirators. There are also corporate espionage implications as well if an evil corporation is able to see which customers their competitors are calling. Basically, this attack is akin to stealing someone's monthly cell phone bill in order to see all incoming and outgoing phone numbers.

    Conversation Eavesdropping and Analysis

    The most hyped and the threat of most concern to many VoIP users is conversation eavesdropping. Quite simply, this attack describes an attacker recording one or both sides of a phone conversation. Beyond learning the actual content of the conversation, an attacker can also use tools to translate any touch tones pressed during the call. Touch tones, also known as dual-tone multifrequency (DTMF) tones, are often used when callers enter pin numbers or other authoritative information when on the phone with their bank or credit card company. Being able to capture this information could result in an attacker being able to replay these numbers to gain access to the same account over the phone.


    Buy on amazon.com >>
    Endler D. Collier M.
      << Previous page
      Table of contents
      Next page >>

      Similar products

      Similar products

       
      flylib.com © Copyright 2008-2013. All Rights Reserved.
      if you may any questions please contact us: flylib@qtcs.net
      Privacy policy