Two new versions of existing open source VoIP software were recently released and deserve mention.
Last week, the folks at SIPfoundry released the 4.0 version of their SIP server, sipXecs. I don’t hear a lot of talk about sipXecs so let me say a few things about it here:
* it’s a great SIP software proxy/registrar package, with an active development and support community
* It’s free.
* It has a distributed component software design, which optimizes HA configurations for clustering
* It has a very intuitive web console GUI, and it has a bootable CD with all software pre-loaded on it
* Great documentation wiki. For example, I had set up a working SIP trunk configuration in under five minutes.
This is not to take away from other high quality open source SIP server software projects like opensips, but I’ve been using and testing the previous version of sipXecs for a while now, and love this software. I’ve just started testing this exciting new 4.0 release. The most noticeable feature of this release is full sip trunking and remote worker support (far-end and near-end NAT traversal, and HA media anchoring). What this means is that you have a full solution for running your own SBC and SIP Proxy. The sipxbridge component of sipXecs is the SBC software component. With sipXecs and sipxbridge, you can set up a proof of concept service provider network in your home, set up an enterprise lab for interop testing and comparison to commercial SBC vendors, use the software for a security testing demo toolkit, or just use the solution to register your remote phones into your network, and place outbound calls. Great job and thanks to SIPfoundry for this work.
A new version of the VoIP Hopper security assessment tool was released earlier this week, with Nortel VLAN Discovery support. VoIP Hopper is a free security assessment tool that supports VLAN Hopping – in essence, it mimicks the behavior of an IP phone for the Voice VLAN Discovery protocol or mechanism. Then it rapidly automates a VLAN Hop, tagging the DHCP request and all subsequent Voice traffic with the discovered Voice VLAN ID. Since most new VoIP deployments use the segmentation of discrete Voice VLANs for increasing QoS requirements, an attacker must sometimes first gain access into the Voice VLAN as a prerequisite vector, before running other VoIP exploits. VoIP Hopper enables a regular PC to become a member of the IP Phone VLAN. The tool is simple yet powerful, and has been used in many security assessments in the past. The new features of VoIP Hopper:
* Nortel Voice VLAN Discovery and VLAN Hop
* A new CDP Spoof mode for more rapid and automated VLAN Hop in a CDP network
* An integrated DHCP client
From the VoIP Hopper website, the next features planned for VoIP Hopper are LLDP-MED support and trunk port testing.
Finally, I recently used the SIPVicious tool in a remote VoIP security assessment, and it’s a very useful tool that any VoIP security professional should have. When you look at the business risk of toll fraud / service theft, this tool can be pretty valuable in enumerating vulnerabilities that can be a risk to your business in the form of remote attackers trying to gain unauthorized access to your VoIP network and placing unauthorized calls. As VoIP proliferates, we’ll see more usage of tools like this to conduct reconnaissance of open SIP services, valid users, and the brute forcing of subscriber/user passwords. On the proactive protection side, it’s also good to see folks contributing open source proof of concepts for mitigating this risk. Here is a “Simple Asterisk Based Toll Fraud Prevention Script”. If you use an active response firewall/IDS/IPS solution, you could actually detect the attempts to toll fraud/service theft attacks based on a signature, and have your VoIP IPS and/or firewall block the source IP address of the would-be attacker. It’s called a “Voice Toll-Fraud Intrusion Prevention System” (VTIPS) ;-). Good to see open source software progress in this direction.