Monthly Archives: March 2008

Does VoIP Exist?

This was a question I asked at the recent VON conference in San Jose, CA. Of course we talk a lot here about VoIP Security, but actually if we take a step back, is VoIP itself any longer a meaningfully separate concept? The thing is that technology moves on, and maybe some people care whether they are connected via cable or ADSL, but pretty much, the average Joe is happy that “broadband” is magic that provides fast Internet. Today there’s still talk about “WiFi” as a distinct technology, but WiMax, LTE and mobile broadband (EVDO, UMTS etc) are on the rise, and within a couple of years, we’re all likely to have forgotten which technology we’re using to connect to the Internet.

So my thesis is that IP is so very intrinsic to the nature of all telecoms today, that it’s probably not even worth using “Vo” any longer. Why should I say that? Well firstly, SS7, the mainstay of today’s international telecoms network, in many cases uses IP to carry the signalling traffic, using the protocol family known as Sigtran. In traditional telecoms, media and signalling has long been split, with SS7 connecting the calls, and a parallel network of E1/T1 links carrying the voice calls. The long established estrangement of media and signalling continues into the NGN world, with signalling now mostly meaning SIP, and the media usually RTP, but there is still a world of choice. When SS7 meets SIP we can often find ISUP (the call control protocol most widely used by telecoms incumbents) being tunnelled using protocols like SIP-I and its twin (in the iron mask) SIP-T. In the “legit” SS7 community we find that BICC (Bearer Independent Call Control) allows us to connect calls in a way familiar to all fans of ISUP, and yet the calls themselves don’t need to be 64k bearer channels any more, but can also be the IP-friendly RTP streams.

This is not a fashion, but simply an evolution. Today, when telcos federate, it is largely using traditional TDM lines, and traditional SS7 protocols. But this is changing: it’s very cheap and convenient to interconnect using Sigtran, and there is much talk about how to connect calls using “codec free” operation: that is, to pipe the audio unchanged from end to end, to optimize audio quality and bandwidth usage. The GSM Association are promoting a system called IPX, which will allow mobile carriers to interconnect using IP, such that not only signalling and media are seamlessly interconnected (via a private intranet), but also settlement data will automatically be exchanged, so that every telco knows what they owe to every other party.

If I may press my point further, in many projects the traditional TDM core is being removed in favour of a big SIP router surrounded by a ring of session border controllers (SBCs). One major factor in these projects is that the customers are still today 80/20 connected via traditional E1/T1 or SS7 networks, which means that part of the magic is a media gateway that knows how to talk both SS7 and SIP. So SIP networks have TDM customers, and your Granny may already be using IP without even knowing it.

So does VoIP exist? When IP is such a fundamental tool in what we know as “legacy” telco networks, perhaps it does not. Consequently does VoIP Security exist? Well as we’ve often discussed here at the VoIPSA blog before, when you start moving voice traffic over your IP network, then you have all the voice system vulnerabilities plus all the IP vulnerabilities that just arrived at your doorstep. Perhaps actually the truth is that nearly all voice is already VoIP, so VoIP security is not just an enterprise concern, but is actually a core issue for every telco on the planet.

Poll: What do you see as the top VoIP threats for 2008?

Over on his site, Peter Thermos is now running a poll asking the question: what do you see as the top VoIP threats for 2008?

Why not fill it out? It’s completely anonymous and, being self-selected it’s not overly scientific, but hey, it could be an interesting snapshot of the people who have found his site.

Technorati Tags:

Hacking ZyXEL Gateways

An interesting paper recently published by Adrian Pastor of ProCheckup discusses vulnerabilities and attacks against ZyXEL gateways, including (yikes) Remote wardriving/attacking internal networks over the Internet, among others:

  • Privilege escalation from “user‟ to “admin‟ account
  • SNMP read and SNMP write access enabled by default
  • Persistent XSS via SNMP
  • Poor session management allows hijacking of admin sessions
  • Authentication vulnerable to replay and password cracking attacks
  • Disclosure of credentials
  • Considering the code reuse among various products made by most vendors of these residential gateways, not to mention the widespread deployment by service providers, I think it would be quite interesting for VOIPSA folks to expand on Adrian Pastor’s work and pursue this type of testing on some of the VoIP gateway products that ZyXEL offers, specifically the Analog Telephone Adapter, Station Gateway and Integrated Access Device to start. Also, the web interface of embedded devices like these are especially problemmatic from a security perspective, and it’s well worth a look at another one of Adrian Pastor’s papers over at OWASP.

    “So what” you might say about the security of these types of devices? Well, SANS diary notes some strange things afoot at the Circle K with Dlink, and there is the recent BT Home Hub CVE-2008-1334 vulnerability. More routers and details at GNU Citizen’s router hacking challenge.

    Four new security vulnerabilities in Asterisk – time to upgrade!

    Earlier this week, the team at Digium released four new security vulnerabilities:

    The solution is, predictably, to upgrade to the latest version of whichever stream of Asterisk you are using.

    Technorati Tags:
    , , , , , ,

    FBI VoIP Surveillance Requirements Leaked

    Wikileaks recently published a leaked 88 page document entitled FBI Electronic Surveillance Needs for Carrier-Grade Voice over Packet (CGVoP) Service (PDF), which is part of the CALEA Implementation Plan published in January 2003. The document describes detailed FBI requirements for surveillance of phone calls made utilizing packet networks as their transport. The document broadly defines CGVoP Service as:

    “The set of subscription-based voice services and features provided over carrier-managed packet networks, and includes wireline and wireless services.”

    The document covers such surveillance events as:

    • Registration and Authorization events including address registration and de-registration, mobility authorization and de-authorization
    • Call Management events including call origination, termination, answer, call release, address resolution, admission control, and media modification
    • Signaling events including subject signaling, network signaling, and post-cut-through dialing and signaling
    • Feature Use events including call redirection, party hold, party retrieve, party join, party drop, call merge, and call split
    • Communication Content events including content delivery start, change, and stop, as well as content unavailable
    • Feature Management events including feature activation and deactivation
    • Surveillance Status events including surveillance activation, continuation, change, and deactivation.

    The document also discusses authorized access to identifying information and communication content, and more generalized surveillance requirements. It looks like they’ve fairly well covered the bases…

    Info on how to listen remotely to today’s RUCUS session at IETF

    ietflogo-1.jpgIf you are interested in listening in to today’s session here at IETF about “Reducing Unwanted Communications Using SIP” (RUCUS) which I’ve mentioned previously, I’ve posted information about how to participate in IETF remotely. The RUCUS session takes place from 1300-1500 US Eastern time today.

    Streaming audio should be available on ietf71-ch4.

    Jabber group chat should be available as well, but I don’t know yet in which chat room it will be. There isn’t yet a chat room on the IETF server for ‘rucus’. I’ll update this post once I know where the chat room is.

    UPDATE: A request is in to create the ‘’ room. If that room isn’t created in time, we’ll use the SIPPING room at ‘’. We’ll announce on the streaming audio which one we are using.

    Technorati Tags:
    , , , ,

    buy viagra
    buy viagra online
    viagra online
    discount viagra
    order viagra
    cheap viagra
    generic viagra
    generica viagra
    viagra buy
    viagra price
    order viagra online
    viagra generic
    viagra pill
    where buy viagra
    buy viagra cheap
    viagra order
    get viagra
    buy online viagra
    online viagra
    viagra sale online
    where to buy viagra
    cheapest viagra
    purchase viagra
    cheap viagra online
    viagra buy online
    buying viagra
    buy viagra on
    generic viagra canada
    prescription viagra
    buy viagra norway
    generic viagra pack
    buy viagra in nevada
    buy viagra now online
    viagra online buy
    find viagra online
    buy cheap viagra online
    cheap generic viagra
    buy cheap viagra
    generic viagra online
    viagra sale
    generic viagra cheap
    buy viagra on line
    where buy generic viagra
    viagra online bestellen
    viagra prescription online
    generic online viagra
    low price viagra
    cheapest viagra price
    buy generic viagra
    viagra uk
    viagra online prescription
    cheap est viagra
    viagra soft tab
    viagra discount
    viagra cheap
    where to buy viagra on line
    buying viagra online
    buy viagra now
    purchase viagra online
    viagra pharmacy
    natural viagra
    buy viagra in canada
    viagra paypal
    viagra on line
    viagra 100mg
    viagra without prescription
    cheapest place to buy viagra online
    generic Cialis
    buy cialis
    buy cialis online
    cialis online
    online cialis
    order cialis
    cheap cialis
    discount Cialis
    generic cialis price
    cialis prescription
    buy cialis generic
    cialis online discount
    cheapest cialis
    buy discount cialis
    purchase cheap cialis online
    order cialis online
    cialis for sale
    cialis price
    purchase cialis
    cialis online pharmacy
    buy Cheap Cialis
    cialis story
    generic cialis online
    best cialis price
    cheapest cialis generic
    order generic cialis
    low cost cialis
    buy cialis generic online
    buy levitra
    cheap levitra
    levitra online
    buy levitra online
    order levitra
    order levitra online
    cialis levitra
    generic levitra
    online levitra
    buy cheap levitra
    discount levitra
    levitra sale
    buy generic levitra
    levitra online pharmacy
    levitra price
    purchase levitra
    cheap levitra online
    levitra story
    levitra on line
    levitra prescription
    levitra cheap
    best price for levitra
    buy xanax
    buy phentermine
    buy lasix
    buy tramadol
    buy tramadol online
    tramadol online
    cheap tramadol
    order tramadol
    tramadol hcl
    ultram tramadol
    tramadol prescription
    online tramadol
    tramadol sale
    purchase tramadol
    buy cheap tramadol
    order tramadol online
    overnight tramadol
    tramadol cheap
    tramadol pharmacy
    discount tramadol
    tramadol hydrochloride
    tramadol 50mg
    cheap tramadol online
    generic tramadol
    buy clomid
    buy prozac
    buy cipro
    buy diflucan
    buy acomplia
    buy lexapro
    buy flagyl
    buy propecia
    order propecia
    cheap propecia
    propecia online
    order propecia online
    buy propecia online
    generic propecia
    compare propecia
    propecia without prescription
    propecia prescription
    propecia pill
    discount propecia
    online propecia
    cheapest propecia
    get propecia
    propecia order
    propecia price
    propecia uk
    propecia cost
    propecia sale
    purchase propecia
    buy cheap propecia
    propecia sale online
    buy online propecia
    online pharmacy propecia
    online prescription propecia
    buy generic propecia
    buying propecia
    buy propecia now
    buy fosamax
    buy kamagra
    buy clomid online
    buy prozac online
    buy cipro online
    buy diflucan online
    buy acomplia online
    buy lexapro online
    buy flagyl online

    Web page for RUCUS BOF at IETF 71 now at new URL

    ietflogo-1.jpgAs I mentioned previously (here and here), the “RUCUS” BOF about voice spam at IETF 71 in Philadelphia is one of great interest with its focus on voice spam, a.k.a. “SPam for Internet Telephony” or “SPIT”. Unfortunately BOF co-chair Hannes Tschofenig ran into a problem with his domain and had to move the page to a new URL:

    If you saved the URL or sent it on to someone, you’ll need to update to using the new URL. If you didn’t visit the RUCUS page before, please do check it out – and feel free to join the RUCUS mailing list. Of course, if you can, please do join us in person in Philadelphia!

    Technorati Tags:
    , , , , ,