[VOIPSEC] VOIP for free??
Andrew Graydon
securityrequirements at voipsa.org
Wed Apr 13 07:48:10 CDT 2005
Thanks Ammar for putting in English the point I made earlier in SS7 babble
:) It's an interesting area which makes me wonder what the major objections
are, and the reason behind them :) Personal opinion only of course.
_____
Andrew Graydon
Chair Security Requirements Committee
VOIPSA
agraydon at voipsa.org
http://www.voipsa.org
_____
From: Ammar Alammar [mailto:ammar.alammar at gmail.com]
Sent: April 13, 2005 3:02 AM
To: Scott Keagy
Cc: Diana Cionoiu; Michael Shields; Smith, Donald; voipsec at voipsa.org;
securityrequirements at voipsa.org
Subject: Re: [VOIPSEC] VOIP for free??
I must agree.
Furthermore, mobile (cell in US) phones do not guarantee 000 (911 in US)
calls simply due to local signal reception interference as well as coverage.
This seems to be widely accepted and understood without legal ramifications.
So, what makes other voice-based services any different?
I believe that the answer lies in 'what an organisation claims or provides
the impression of selling'. For instance, a Telco in Australia can be sued
for breaching a 'Trade Practices Act' (similar to anti-trust but with
consumer extensions) if it sells a 'life-line' service but cannot deliver
on it.
However, if a Telco sells a 'social-telephony VoIP' and clearly positions
the voice service as a non-life-line service, then there should be no
problem - although I am not a lawyer!
Regards,
Ammar
On 4/13/05, Scott Keagy <Scott.Keagy at webex.com> wrote:
Actually, it's not very difficult to get in the middle. Here are a variety
of points of vulnerability that enable someone to get in the middle:
- DNS (modify entries to point all traffic to a hacker's machine)
- DHCP (make all traffic go to hacker's machine as default gateway, or change
  DNS entry to point at hacker's machine so all names resolve to hacker's IP
  addr)
- ARP (reply with hacker's MAC address, gratuitous ARPs or regular ARP
  replies)
- Flood CAM tables in switches to destroy existing MAC addr/port associations
  so all traffic is broadcast out every port, and then use ARP attacks
- Routing protocols (change routing such that traffic physically passes
  through a router/machine controlled by hacker)
- Spanning tree attacks to change layer 2 forwarding topology
- Various control protocols that switches use such as VTP
- Physical insertion (e.g. PC with dual NIC cards)
These are just some of the mechanisms to become a man-in-the-middle.
Each of these can be performed in most Fortune500 companies today with
relative anonymity (just need to have access to the network as a disgruntled
employee or through social engineering). There are a variety of solutions
proposed or recently available, but they are far from widely deployed.
Example technologies that could thwart many of these attacks: DNSSEC,
authenticated routing protocols, 802.1x, 802.11i (applied to wired ethernet
to authenticate every Ethernet frame), port-based ACLs on layer 2 switches,
and various specific fixes in layer 2 switches to harden against control
protocols and restrict the forwarding of unnecessary traffic.
Regards,
Scott
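[Added illustration, not part of the thread or any poster's code: a minimal passive check for two of the layer 2 conditions listed above, a changed IP-to-MAC binding in ARP traffic and an unusual number of source MACs learned on one switch port. The frame tuples, port names, addresses and the per-port limit of 3 are constructed assumptions.]

```python
from collections import defaultdict

# Constructed sample: (switch_port, source_mac, arp_sender_ip or None).
# None means a non-ARP frame; only its source MAC is learned.
FRAMES = [
    ("Gi0/1", "00:11:22:33:44:01", "10.0.0.1"),   # gateway announces itself
    ("Gi0/2", "00:11:22:33:44:02", "10.0.0.20"),  # IP phone
    ("Gi0/3", "00:11:22:33:44:03", "10.0.0.30"),  # workstation
    ("Gi0/3", "00:11:22:33:44:03", "10.0.0.1"),   # workstation claims gateway IP
    ("Gi0/4", "02:00:00:00:00:01", None),
    ("Gi0/4", "02:00:00:00:00:02", None),
    ("Gi0/4", "02:00:00:00:00:03", None),
    ("Gi0/4", "02:00:00:00:00:04", None),         # 4th MAC on one access port
]


def audit_frames(frames, max_macs_per_port=3):
    """Return alerts for ARP binding changes and per-port MAC-count overruns."""
    ip_to_mac = {}                 # first MAC seen claiming each IP (trusted)
    port_macs = defaultdict(set)   # distinct source MACs learned per port
    flagged_ports = set()          # report each overrun port only once
    alerts = []
    for port, mac, arp_ip in frames:
        port_macs[port].add(mac)
        if len(port_macs[port]) > max_macs_per_port and port not in flagged_ports:
            flagged_ports.add(port)
            alerts.append(("mac-limit", port, len(port_macs[port])))
        if arp_ip is None:
            continue
        # setdefault records the first binding and returns the stored one.
        known = ip_to_mac.setdefault(arp_ip, mac)
        if known != mac:
            alerts.append(("arp-rebind", arp_ip, known, mac, port))
    return alerts


if __name__ == "__main__":
    for alert in audit_frames(FRAMES):
        print(alert)
```

[The first-seen binding is trusted here, so a legitimate address change (for example a replaced gateway or a new DHCP lease) also raises an alert and needs review against a known-good table.]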
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto: Voipsec-bounces at voipsa.org] On
Behalf Of Diana Cionoiu
Sent: Monday, April 11, 2005 7:59 AM
To: Michael Shields
Cc: Smith, Donald; voipsec at voipsa.org; securityrequirements at voipsa.org
Subject: Re: [VOIPSEC] VOIP for free??
Hello Michael,
I was referring to the fact that you have to be in the middle (as in man in
the middle), which is far more complicated than you may think.
Diana
> Diana Cionoiu wrote:
> > RTP is not trivial to listen to,
> > and anyway anyone who can listen to your phone calls can also see your
> > yahoo, icq, msn, irc messages, so I think first we should solve those
> > things and then go after plain VoIP.
>
> I am not sure why you say this. For over two years, Ethereal has been
> able to decode RTP streams and save the audio into a file. This only
> takes a few clicks, and with a little time you could automate it
> completely.
>
> It is true that other more widely used protocols also have
> vulnerabilities, including DNS, SMTP, and HTTP. However, work on VOIP
> security does not block work on other protocols, so that is no reason
> to put VOIP security work on hold. It is easier to fix problems now
> while the protocols are still in relatively limited deployment.
>
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
--
Regards,
Ammar
_____________________________________
Free yourself, Open new doors ... OpenSource
www.OpenSource.com