[VOIPSEC] Additional Security Testing Tools

[Mark Collier]

David Endler and I posted several new tools on our "Hacking Exposed"
website, http://www.hackingvoip.com/. We also provided updates and better
README files for some of the existing tools. Here is a quick summary of the
new tools:
o rtpinsertsound/rtpmixsound - these tools take the contents of a .wav or
tcpdump format file and insert or mix in the sound. These tools require
access (but not MITM) to the RTP stream, so they can properly craft sequence
numbers, timestamps, etc. rtpinsertsound, with the right timing, can be used
to add words or phrases to a conversation. rtpmixsound can be used to merge
in background audio, like noise, sounds from a "gentlemans club", curse
words, etc., etc. These tools have been tested in a variety of vendor
environments and work in pretty much any environment, where encryption isn't
used. 
o redirectpoison - this tool works in a SIP signaling environment, to
monitor for an INVITE request and respond with a SIP redirect response,
causing the issuing system to direct a new INVITE to another location. This
tool requires access to the SIP signaling, but does not have to operate
MITM. We tested this tool with the Asterisk and SER SIP proxies, along with
a variety of SIP phones.
o spitter - this tool works in conjunction with Asterisk, to set up a voice
SPAM/SPIT generation platform. Once Asterisk is set up, spitter is used to
schedule any number of calls, using your choice of audio files. 
The tools come with README files, so they should be pretty easy to use.
Please let us know what you think. We are particularly interested in results
for the rtpxxxsound tools. A number of us "security experts" have been
warning of these attacks, but this is the first set of tools I have seen
that actually accomplish them.