[VOIPSEC] Actual Attacks
Christopher A. Martin
chris at sip1.com
Sat Feb 19 03:50:29 GMT 2005
Just some quick tips on these concerns...
- Unless there has been an update, vomit is only good against legacy
skinny protocol (Cisco call manager deployments)...
- If you are deploying switched networks in your LAN infrastructure, where
VoIP is deployed, you will immediately reduce your chances of successful
packet capture... if you are on a shared medium, even tools such as ethereal can
play back media for public domain codecs... and many commercial products
also replay very nicely.
- Dedicated Voice VLANS are also a good recommendation in the switched
environment (Cisco has some good literature on their SAFE model, which can
be Googled very quickly). This can be implemented whether or not the VoIP
client supports VLAN capability (unless it is a soft client on a PC, in
which case it is a hostage to the host).
- Standard DoS today in terms of flooding cannot be stopped, but it can be
handled in the Internet backbone (which often occurs transparently
so the rest of us don't see it).
- Also standard precautions, such as deploying SIP aware firewalls or border
controllers which handle the media dynamically prevent a majority of port
scans and other direct attacks which low end devices are typically
susceptible to.
- Don't hesitate to commission VoIP consulting expertise to aid in
deployment. Many good shops exist that can reduce the risk very quickly and
create an immediate return on investment. (This can be hard to justify even
with traditional data networking, but with today's regulatory requirements
it has become a high priority.)
There are measures for WAN deployments as well...
The big thing is to take the common sense approach to deployment... shore up
the traditional vulnerabilities and then focus on VoIP (Unless it is already
deployed)...if the traditional exploits exist on the existing data
environment all bets are off (the solution may be compromised before it is
even deployed).
________________________________
Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
Domains.SIP1.com
http://domains.sip1.com
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of David Chitolie
Sent: Friday, February 18, 2005 7:02 AM
To: Robert Rolen; <Voipsec at voipsa.org> <Voipsec at voipsa.org>
Subject: Re: [VOIPSEC] Actual Attacks
Hi All,
Although I have been involved in IP systems for many years I am fairly
new to VoIP and have a new project to deploy many VoIP systems around
the world.
From what I have found on the web it seems like Vomit (Voice over
Misconfigured Internet Telephony), SPIT (SPAM over internet technology)
and DOS (Denial of Service) are the most common forms of expected
attacks to VoIP systems.
VOMIT allows users to save telephone conversations to a .wav file from
a tcpdump file. I am guessing that the risk here is with LAN users
running tcpdump to capture traffic and in a switched environment this
will not be very easily achieved unless ARP redirect or switch port
monitoring is used by an employee.
SPIT - (unwanted messages clogging up your voice mail box) This is not
a problem now but there are lots of warnings to be aware it may happen
soon.
DOS - This sounds like a real threat as IP DOS attacks are already here
in standard IP networks and from the reply by Christopher Martin it
looks to be a problem already.
Has anyone found a database of help or known security concerns?
I have found a useful site for SIP security and SIP firewalls:
http://www.sipcenter.com/sip.nsf/html/Firewalls+Security
David Chitolie
Freelance Project Manager
On 17 Feb 2005, at 12:30, Robert Rolen wrote:
> Has a catalog or database been established to report and track actual
> attacks against VOIP systems? I realize there are typical internet
> attacks (spoofing, Trojans, sniffers, denial of service), but are the
> attacks being documented to track the increase in attacks?
>
> There are a lot of telecommunications managers that are not talking
> with the IT departments and some of the IT departments see the
> telephone system as just another responsibility added to their staff.
>
> The trend of convergence for all security systems (Access Control,
> CCTV, Alarms) into IP networks is rapidly becoming a reality.
>
> Is there a trend to continue the isolation of the telephone system
> from the office LAN?
>
> A storybook of problems, incidents and trends would go a long way to
> enhance the VOIP protection budget.
>
> Any Thoughts?
> Bob Rolen
> Birmingham, Al
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
>
Regards
David