[VOIPSEC] VoIP vulnerabilities summarization
Ing. Pavel González García
pavel at cecat.cujae.edu.cu
Wed Dec 14 07:33:35 CST 2005
Hi Sukery
I think you made a good summarization of the vulnerabilities and I agree
with what you say.
Sukery, I need your help.
I'm from Cuba and at the moment I'm working on a project titled "QoS
in VoIP with security". As the title says, my problem
is related to having a high level of QoS on real VoIP networks.
For example:
What happens to the QoS if I use a firewall or VPN or NAP or IPSec on
VoIP networks?
Which is better to use on VoIP networks, SIP or H.323?
I need information about these terms; if you have anything related to them,
please send it to me.
Best regards,
Ing. Pavel González G.
Administrador RED CECAT. CUJAE
Telf: 2663843,2663827
pavel at cecat.cujae.edu.cu
----- Original Message -----
From: "sukery" <sukerry at 126.com>
To: <Voipsec at voipsa.org>
Sent: Wednesday, December 14, 2005 8:40 AM
Subject: Re: [VOIPSEC] VoIP vulnerabilities summarization
>
> Hi Janne:
> Thank you for your comment, I totally agree with what you said.
> I am a graduate student; our project is focused on VoIP security. We
> first study the vulnerabilities of VoIP-related protocols (especially
> SIP), then define some attack scenarios according to the vulnerabilities
> we discovered and realize all these attacks; finally we test our attack
> system on real VoIP networks (supplied by an internationally famous VoIP
> manufacturer). The attacks include:
> exception-packet attack against server
> DoS attack against server
> disturbance call attack against endpoints
> pseudo call attack against endpoints
> call leaflet attack against endpoints
> SIP password crack
> voice eavesdropping (and maybe voice replacement and voice disturbance)
> voice broadcast & call leaflet attack against PSTN terminals (via VoIP
> gateway)
> and maybe more
>
> I am very very sorry to say that due to the confidentiality of this
> project, I cannot make our attack system public yet. That's the meaning
> of the sponsor of this project.
> Anyway, I'd like to discuss with you as much as possible :)
>
>
>>Hi Sukery,
>>
>>I think you made a good summarization of the vulnerabilities and I agree
>>with what you say.
>>
>>But I think several of the problems you mention can be solved by using
>>TLS to protect the signalling and SRTP to protect the media as described
>>in existing standards and drafts. These technologies may not be widely
>>spread among existing implementations but they exist and your list
>>provides some good reasons that may motivate others to follow.
>>
>>I'm also interested in what tool you used.
>>
>>Cheers
>>/Janne
>>
>>> 2. SIP reuses the authentication mechanism from the HTTP protocol; in fact
>>> HTTP authentication is totally imperfect when applied to the SIP protocol,
>>> for it is a single-direction authentication, which means that only the
>>> server authenticates the endpoints; the endpoints do not authenticate the
>>> server. This situation makes it easy to deceive endpoints because they
>>> do not authenticate any entity in the network. Pseudo call (calling someone
>>> with a false user id) and server impersonation are dangerous attacks due to
>>> this vulnerability.
>>>
>>> 3. SIP communication is based on message transactions; however, the SIP
>>> transaction mechanism is quite complicated. For example, when a stateful
>>> proxy server receives a SIP request message, it first computes the
>>> transaction ID for this message; if the transaction ID did not exist
>>> before, this request message is regarded as a new message, and the server
>>> will do a lot of things for this new message: save this message, create a
>>> finite state machine for this message, construct a provisional response
>>> message and send it back, save this response message, update the finite
>>> state machine, decide the next hop of this request message based on the
>>> complex routing rules, transfer the request message, create one or more
>>> client transactions for the request message ... These steps surely consume
>>> lots of CPU and memory resources. As a result, the server is susceptible
>>> to DoS attacks when a hacker continually sends large quantities of SIP
>>> request messages with different Call-IDs.
>>>
>>> 4. Unencrypted media streams such as RTP data are easy to wiretap.
>>>
>>> 5. Almost all VoIP software has some code flaws; in this case, even a
>>> malicious packet may bring down the server. We call this packet an exception
>>> packet; in fact we have found exception packets against both SIP servers
>>> and H.323 servers.
>>>
>>> 6. VoIP endpoints are much more intellectualized than traditional PSTN
>>> terminals; however, when this capability is abused, a lot of malicious
>>> network attacks appear:
>>> disturbance call
>>> call leaflet
>>> voice broadcast
>>> and more...
>>>
>>>
>>> >Chris
>>> >
>>> >I'm pretty heavily involved in SIP standards development, and have been
>>> >for some time. I talk regularly with the kind of folks that I think would
>>> >know if their stuff had been "hit". I know about plenty of attacks on the
>>> >underlying infrastructure, including the platform attacks. I have NEVER
>>> >heard even a whisper of an actual attack on VoIP equipment that used
>>> >exploits specifically related to SIP (which I don't think is substantially
>>> >better or worse than other VoIP protocols).
>>> >_______________________________________________
>>> >Voipsec mailing list
>>> >Voipsec at voipsa.org
>>> >http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
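The stateful-proxy flood described in point 3 above (large quantities of SIP requests, each with a different Call-ID) is something a defender can detect at the proxy edge by counting only new Call-IDs per source, so that ordinary retransmissions of the same request do not count. The following is an added example, not code from this thread or from any of its participants; the SIP messages, addresses, window and threshold are constructed:

```python
import re
from collections import defaultdict, deque

# Matches the long form "Call-ID:" and the compact form "i:" (RFC 3261 header names).
CALL_ID_RE = re.compile(r"^(?:Call-ID|i):[ \t]*(.+?)[ \t\r]*$", re.IGNORECASE | re.MULTILINE)

def parse_call_id(sip_message: str):
    """Return the Call-ID header value of a raw SIP message, or None if absent."""
    m = CALL_ID_RE.search(sip_message)
    return m.group(1) if m else None

class CallIdFloodDetector:
    """Per-source sliding-window count of NEW transactions (distinct Call-IDs). Retransmissions
    reuse a Call-ID, so only messages that would make a stateful proxy allocate state count."""

    def __init__(self, window_seconds: float = 1.0, max_new_calls: int = 20):
        self.window = window_seconds
        self.limit = max_new_calls
        self._seen = defaultdict(set)     # src -> Call-IDs already counted (no expiry here)
        self._times = defaultdict(deque)  # src -> timestamps of new Call-IDs in the window

    def observe(self, src: str, sip_message: str, ts: float) -> bool:
        """Record one message from src at time ts; True if src exceeds the new-call limit."""
        call_id = parse_call_id(sip_message)
        if call_id is None or call_id in self._seen[src]:
            return False
        self._seen[src].add(call_id)
        q = self._times[src]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop timestamps that fell out of the window
            q.popleft()
        return len(q) > self.limit

def make_invite(call_id: str, host: str) -> str:
    """Constructed minimal SIP INVITE (placeholder addresses) carrying the given Call-ID."""
    return ("INVITE sip:bob@example.test SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {host}:5060;branch=z9hG4bK{call_id}\r\n"
            "From: <sip:alice@example.test>;tag=1\r\nTo: <sip:bob@example.test>\r\n"
            f"Call-ID: {call_id}@{host}\r\nCSeq: 1 INVITE\r\n\r\n")

def run_sample() -> list:
    """Feed a constructed trace: one flooding source, one source merely retransmitting."""
    det = CallIdFloodDetector(window_seconds=1.0, max_new_calls=20)
    flagged = set()
    for i in range(30):  # 30 INVITEs, each with a fresh Call-ID, within 0.3 s
        if det.observe("192.0.2.66", make_invite(f"flood{i}", "192.0.2.66"), 100.0 + i * 0.01):
            flagged.add("192.0.2.66")
    for i in range(5):   # one INVITE retransmitted five times: same Call-ID, legitimate
        if det.observe("192.0.2.10", make_invite("legit1", "192.0.2.10"), 100.0 + i * 0.5):
            flagged.add("192.0.2.10")
    return sorted(flagged)
```

In production the `_seen` sets need an expiry tied to the window, and the source key should be the authenticated identity or network origin rather than a spoofable address alone.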