Voice of VOIPSA » Mark Collier

Voice/Unified Communications Security: State of Security Report Webinar

Mark Collier — Wed, 30 Mar 2011 14:35:30 +0000

We at SecureLogix are hosting a webinar today to cover the Voice and Unified Communications: State of Security Report today at 1:00 CST along with the folks from NoJitter. Here is a link to the webinar registration page.

State of Communications Security Report is Live

Mark Collier — Mon, 07 Mar 2011 17:12:42 +0000

Here is a link to the SecureLogix State of Communications Security Report. It is currently at the NoJitter site. We will post it to our website and here in a couple of weeks.

http://www.nojitter.com/sponsoredcontent/view/cid/3900003

This is the first time ever that anyone has released a security report that is focused on voice/VoIP/communications. The report describes voice security trends and includes a ton of data from 100′s of assessments, that backs up the trends we present.

More on Telephony Denial of Service (TDoS) Attacks

Mark Collier — Wed, 07 Jul 2010 22:56:19 +0000

I assume most everyone has seen the FBI press release on Telephony Denial of Service (TDoS). For those who have not, see:

http://newark.fbi.gov/pressrel/pressrel10/nk051110.htm

I am also seeing the term used to describe enterprise-directed DoS, where an attacker typically floods a contact center with calls. I have recently worked with both enterprises, service providers, and hosted IVR companies that have seen these attacks. The current motive seems to be traffic pumping/revenue generation, not DoS per se, but the side impact is that operation at the target sites is degraded or seriously disrupted, depending on call volume and trunk capacity. Interestingly, the targets I have talked to are primarily using TDM trunks, while the attackers (according to the service providers I have talked to) are using VoIP. I have a post on my blog with more information:

http://voipsecurityblog.typepad.com/marks_voip_security_blog/2010/06/more-on-telephony-dos-tdos.html

Is anyone else seeing these attacks?

Additional VoIP Attack Tools

Mark Collier — Mon, 30 Oct 2006 20:12:22 +0000

David Endler and I posted several new tools on our “Hacking Exposed” website, www.hackingvoip.com. We also provided updates and better README files for some of the existing tools. Here is a quick summary of the new tools:

rtpinsertsound/rtpmixsound – these tools take the contents of a .wav or tcpdump format file and insert or mix in the sound. These tools require access (sniffing of the VoIP traffic but not necessarily MITM) to the RTP stream, so they can properly craft sequence numbers, timestamps, etc. rtpinsertsound, with the right timing, can be used to add words or phrases to a conversation. rtpmixsound can be used to merge in background audio, like noise, sounds from a “gentlemans club”, curse words, etc., etc. These tools have been tested in a variety of vendor environments and work in pretty much any environment, where encryption isn’t used.
redirectpoison – this tool works in a SIP signaling environment, to monitor for an INVITE request and respond with a SIP redirect response, causing the issuing system to direct a new INVITE to another location. This tool requires access to the SIP signaling, but does not require a MITM (Man-in-the-middle attack). We tested this tool with the Asterisk and SER SIP proxies, along with a variety of SIP phones.
spitter – this tool works in conjunction with Asterisk, to set up a voice SPAM/SPIT generation platform. Once Asterisk is set up, spitter is used to schedule any number of calls, using your choice of audio files.

The tools come with README files, so they should be pretty easy to use. Please let us know what you think. We are particularly interested in results for the rtpxxxsound tools. A number of us “security experts” have been warning of these attacks, but this is the first set of tools I have seen that actually accomplish them.