Protocolo sip

Disponível somente no TrabalhosFeitos
  • Páginas : 5 (1051 palavras )
  • Download(s) : 0
  • Publicado : 3 de abril de 2013
Ler documento completo
Amostra do texto
Session Initiation Protocol
(SIP) Vulnerabilities
Mark D. Collier
Chief Technology Officer
SecureLogix Corporation

What Will Be Covered
Introduction to SIP
General SIP security
SIP vulnerabilities and attack tools
Recommendations
Links

SIP Introduction
Session Initiation Protocol (SIP):
Is a general-purpose protocol for managing sessions
Can be used for any type of sessionProvides a means for voice signaling
Defined by the IETF (looks like an Internet protocol)
Resembles HTTP
ASCII requests/responses

SIP Introduction
Why is SIP important:
Generally viewed as the protocol of the future
Designed to be simple (it’s not) and extensible
Supported by major vendors (sort of)
Used by many service providers
Provides a foundation for application support
Will beused for public VoIP access

SIP Introduction
Public
Voice
Network

TDM Phones

SIP Trunk
IP
PBX

IP Phones

Voice VLAN
Data VLAN

Internet

Internet
Connection

PCs

SIP Components
Proxy

User Agents
SDP
SIP

Codecs
RTP
RTCP

TCP
IPv4

UDP
IPv6

SIP Call Flow
Proxy

SIP/SDP
UDP/TCP

Proxy

SIP/SDP
UDP/TCP

SIP/SDP
UDP/TCP
RTP/RTCP
UDPUser

User

SIP Vulnerabilities
Security issues with SIP:
SIP is a complex, free format protocol
SIP itself does not require any security
Security mentioned in SIP RFC, but not required
Security degrades to common feature set
Security is not mandatory even if available
UDP is commonly used for SIP transport
Network Address Translation (NAT) breaks security
Data firewalls do notmonitor SIP

SIP Vulnerabilities
SIP-Specific Vulnerabilities:
Eavesdropping
General and directory scanning
Flood-based Denial of Service (DoS)
Fuzzing Denial of Service (DoS)
Registration manipulation and hijacking
Application man-in-the-middle attacks
Session tear down
check-sync reboots
Redirect attacks
RTP attacks
SPIT

Eavesdropping
Proxy

Proxy

User

Attacker

User Eavesdropping Tools

Eavesdropping Tools

Eavesdropping Tools

General/Directory Scanning
Proxy

Proxy

INVITE, OPTION, or
REGISTER
Requests

Attacker

General Scanning Tools
Nmap has the best VoIP fingerprinting database
nmap -O -P0 192.168.1.1-254
Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-02-20 01:03 CST
Interesting ports on 192.168.1.21:
(The 1671ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
23/tcp open telnet
MAC Address: 00:0F:34:11:80:45 (Cisco Systems)
Device type: VoIP phone
Running: Cisco embedded
OS details: Cisco IP phone (POS3-04-3-00, PC030301)
Interesting ports on 192.168.1.23:
(The 1671 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http
MACAddress: 00:15:62:86:BA:3E (Cisco Systems)
Device type: VoIP phone|VoIP adapter
Running: Cisco embedded
OS details: Cisco VoIP Phone 7905/7912 or ATA 186 Analog Telephone Adapter
Interesting ports on 192.168.1.24:
(The 1671 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:0E:08:DA:DA:17 (Sipura Technology)
Device type: VoIP adapterRunning: Sipura embedded
OS details: Sipura SPA-841/1000/2000/3000 POTSVoIP gateway

General Scanning Tools

Directory Scanning Tools

Directory Scanning Tools
Linux tools:
dirscan – uses requests to find valid UAs
authtool – used to crack digest authentication

Denial of Service
Registrar

User

Proxy

Media
Gateway

FW/NAT

FW/NAT

Every Component
Processing
Signalingor Media
Is A Target

Proxy

Media
Gateway

Registrar

User

Flood-based Denial of Service
INVITE, REGISTER
Floods

SIP
Proxy

Flood
Application
On PC

SIP Phone

SIP Phone

SIP Phone

SIP Phone

Flood-based Denial of Service Tools

Flood-based Denial of Service Tools
Linux tools:
inviteflood – floods target with INVITE requests
registerflood – floods...
tracking img