Re: Voip security

From: Marco Ivaldi (raptor@0xdeadbeef.info)
Date: Mon Nov 27 2006 - 05:15:29 EST


Hey pen-test,

On Sat, 25 Nov 2006, Mike Klingler wrote:

> 2) They also had the H.323 protocol available, but SiVUS doesn't
> support scanning of that protocol yet. Anyone know of tools,
> methodologies to test this protocol?

I'm currently writing the Voice over IP chapter for the next edition of
the Hacking Linux Exposed book. While working on it I've developed a VoIP
testing methodology, which I'm also planning to release together with the
next version of the OSSTMM (http://www.osstmm.org/).

While performing the research aimed at creating my attack taxonomy, I've
evaluated several free software products to determine their effectiveness
at auditing VoIP networks: unfortunately, most tested tools were found to be
of limited usefulness in real-life scenarios. You should therefore employ
these tools with caution, not overly relying on them to properly secure a
VoIP deployment.

That said, the situation is rapidly evolving and in the next months a huge
growth is expected in this area. Here follows a list of the best free
tools you may find useful for VoIP testing (yeah, there's not a lot of
readily-available software for H.323 yet):

1) Signaling protocols implementation testing

- OpenH323 code
   http://www.openh323.org/
- PROTOS c07-H2250v4
   http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/
- SiVuS (you already know it;)
   http://www.vopsecurity.org/index.php?name=Downloads&req=viewdownload&cid=1
- PROTOS c07-SIP
   http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
- SFTF
   http://www.sipfoundry.org/sftf
- SIPsak
   http://www.sipsak.org
- Smap
   http://www.wormulon.net/index.php?/archives/1125-smap-released.html
- SIP bomber
   http://www.metalinkltd.com/downloads.php
- SIPp
   http://sipp.sourceforge.net/
- NastySIP
   http://phoenix.labri.fr/documentation/sip/Documentation/Material/Clients/Tools/Test/NastySIP/SX%20Design.htm
- SIPNess
   http://www.ortena.com/files/Messenger.zip
- Skora.net
   http://skora.net/voip/attacks/
- Hacking VoIP Exposed tools
   http://www.hackingexposedvoip.com/sec_tools.html
- Scapy
   http://www.secdev.org/projects/scapy/

2) Signaling protocols analysis and traffic monitoring

- SIPcrack
   http://www.remote-exploit.org/index.php/Sipcrack
- SIPv6 Analyzer
   http://pcs.csie.nctu.edu.tw/~yhsung/sipv6_analyzer/
- NetDude
   http://netdude.sourceforge.net/
- Callflow
   http://callflow.sourceforge.net/
- Callplot
   http://sourceforge.net/projects/callplot
- SIP Scenario
   http://www.iptel.org/~sipsc/

3) Transport protocols implementation testing

- Ohrwurm
   http://mazzoo.de/d/ohrwurm-0.1.tar.bz2

4) Transport protocols analysis and traffic monitoring

- VoIPong
   http://www.enderunix.org/voipong/
- Vomit
   http://vomit.xtdnet.nl/
- Oreka
   http://oreka.sourceforge.net/
- Wireshark
   http://www.wireshark.org/
- Cain & Abel
   http://www.oxid.it/

Hope this helps;)

-- 
Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707