SlideShare a Scribd company logo

Info secvoip

Quobis
Quobis
Technology
1 of 23
Download to read offline
InfoSec & VoIP Laboratorio de conmutación Jesús Pérez Rubio jesus.perez@quobis.com @jesusprubio 25/09/2012 http://www.quobis.com
Contents - VoIP fraud examples - VoIP threats "in the wild" - VoIP & DoS (flood) - Demo: Metasploit SIPflood module - Countermeasurements - Exercise notes
VoIP fraud examples (I) - 1 month -> 60.000 $ - 1/2 day -> 23.000 min. -> 15.000 euros - 46 h. -> 11.000 calls -> 120.000 $ - 500.000 calls -> 1.000.000 $ ... - http://shadowcommunications.co.uk/ (Offline) - 1.500.000 calls - 11.000.000 euros - 42 individuals
VoIP fraud examples (II)
VoIP threats "in the wild" - NO eavesdropping, password cracking, etc. (this time) -> Encryption - Extension/password brute-force - INVITE attack - Default web panel passwords - DoS/DDoS flood
Extension/password brute-force (I)
Extension/password brute-force (II)
INVITE attack sip:+442032988741 sip:+000442032988741@XX.YY.ZZ.189 sip:1442032988742@XX.YY.ZZ.189
INVITE attack sip:+442032988741 sip:+000442032988741@XX.YY.ZZ.189 sip:1442032988742@XX.YY.ZZ.189 - INVITE authentication -> Kamailio WIN!
Default web panel passwords (I)
Default web panel passwords (II)
Default web panel passwords (III)
DoS - DoS (Denial of service) - Types: - Communication interruption - Malfomed packets (Teardrop) - Physical destruction - Flood - DDoS - Tools: LOIC, Hulk, Aircrack-ng, Exploit-DB
DoS (Impact)
VoIP & DoS - Impact! vs. (web application) - Application layer -> Increase performance - SIP proxy vs. PBX - Tools: - Malformed packets: - Fuzzing (Voiper) - Flood: - Sipvicious - udpflood, inviteflood, rtpflood, iaxflooder - SIPp - Problems: - Old - Diversity of languages -> Complex use/customize - Lack of report generation mechanism
SIPflood (REGISTER)
SIPflood (INVITE)
SIPflood_tcp (INVITE)
SIPflood_DDoS (INVITE)
Countermeasurements - General - Firewall - Secure passwords - Upgrades - Specific: - Monitoring - Fail2ban - ?¿ module (Kamailio) - IDS/IPS (Snort/Prelude) - Session Border Controller (SBC)
References - http://blog.sipvicious.org/2010/12/11-million-euro-loss-in-voip-fraud-and.html -http://www.securitybydefault.com/2012/03/desarrollando-para-metasploit-ii.html - http://code.google.com/p/metasploit/source/browse/sip/sipflood.rb - http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack - http://saghul.net/blog/2010/06/17/deteniendo-un-sip-flood-con-opensips-y-el- modulo-pike/ - http://www.kamailio.org/docs/modules/1.4.x/pike.html - http://kamailio.org/docs/modules/devel/modules/pipelimit.html - http://kamailio.org/docs/modules/1.4.x/ratelimit.html - http://nicerosniunos.blogspot.com.es/2011/09/voip-information-gathering-metasploit. html - http://nicerosniunos.blogspot.com.es/2012/07/bruteforcing-sip-extensions-with.html - http://code.google.com/p/sipvicious/w/list - http://blog.sipvicious.org/ - http://blog.pepelux.org/2012/02/15/asterisk-invite-attack/ - http://www.hackingvoip.com/ - http://www.offensive-security.com/metasploit-unleashed/Main_Page - http://www.securitybydefault.com/2012/09/riesgos-reales-en-voip.html - http://www.backtrack-linux.org/
Exercise notes -Option 3: you will configure Kamailio for Drake Island. This island has been a pirate refuge for centuries. This tradition survives and nowadays this island has the world highest cracker rate per km2. Last year we used SIPvicious toolkit to test the security of our Kamailio server. Though simple, it’s quite powerful, hacker community skills improve day after day so you must use more powerful tools. That’s the reason why this year will use the Metasploit modules implemented by our colleague jesus. perez@quobis.com to simulate DoS, DDoS and extension brute-force attacks. Your challenge in the practice option will be implement as many attacks and security methods as you can. The security of this operator is in your hands. The international prefix assigned for Drake Island is: 001788[6-7] - References - Any usefull (not exposed) generic attack/countermeasurement accepted - Metasploit SIP scan module (options.rb) bug -> SIPVicious accepted DEFENSE!! 1 attack vector -> 1 defense mechanism
? Pol. A Granxa P.260 36400 Porriño (Spain) Tlf. +34 902 999 465 SIP://sip.quobis.com http://www.quobis.com

Recommended

Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...
Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...
Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...
RootedCON
 
Navy Cyber Defense Operations Command: Commander Task Force 1020
Navy Cyber Defense Operations Command: Commander Task Force 1020Navy Cyber Defense Operations Command: Commander Task Force 1020
Navy Cyber Defense Operations Command: Commander Task Force 1020
DLT Solutions
 
MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler
Marci Bontadelli
 
Neo900: Crafting The Private Phone
Neo900: Crafting The Private PhoneNeo900: Crafting The Private Phone
Neo900: Crafting The Private Phone
Sebastian Krzyszkowiak
 
Panic Room Brochure 2014 email
Panic Room Brochure 2014 emailPanic Room Brochure 2014 email
Panic Room Brochure 2014 email
Paul Weldon
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
Fatih Ozavci
 
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PROIDEA
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
Flavio Eduardo de Andrade Goncalves
 

Recommended

Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...
Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...
Monica Salas & Raul Siles - Hype Potter and the Chamber of DNSSECrets [rooted...
RootedCON
 
Navy Cyber Defense Operations Command: Commander Task Force 1020
Navy Cyber Defense Operations Command: Commander Task Force 1020Navy Cyber Defense Operations Command: Commander Task Force 1020
Navy Cyber Defense Operations Command: Commander Task Force 1020
DLT Solutions
 
MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler
Marci Bontadelli
 
Neo900: Crafting The Private Phone
Neo900: Crafting The Private PhoneNeo900: Crafting The Private Phone
Neo900: Crafting The Private Phone
Sebastian Krzyszkowiak
 
Panic Room Brochure 2014 email
Panic Room Brochure 2014 emailPanic Room Brochure 2014 email
Panic Room Brochure 2014 email
Paul Weldon
 
Hacking SIP Like a Boss!
Hacking SIP Like a Boss!Hacking SIP Like a Boss!
Hacking SIP Like a Boss!
Fatih Ozavci
 
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PROIDEA
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
Flavio Eduardo de Andrade Goncalves
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile Security
Skycure
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
Meletis Belsis MPhil/MRes/BSc
 
The Next Generation Security
The Next Generation SecurityThe Next Generation Security
The Next Generation Security
Cybera Inc.
 
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
SWITCHPOINT NV/SA
 
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PROIDEA
 
PALO ALTO presentation used during the SWITCHPOINT NV/SA Quarterly Experience...
PALO ALTO presentation used during the SWITCHPOINT NV/SA Quarterly Experience...PALO ALTO presentation used during the SWITCHPOINT NV/SA Quarterly Experience...
PALO ALTO presentation used during the SWITCHPOINT NV/SA Quarterly Experience...
SWITCHPOINT NV/SA
 
Ride the Light
Ride the LightRide the Light
Ride the Light
Michelle Davies (Hryvnak)
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...
Cisco Canada
 
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet dataPacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
APNIC
 
Connecting Syria's Refugees
Connecting Syria's RefugeesConnecting Syria's Refugees
Connecting Syria's Refugees
Cisco Crisis Response
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
Flavio Eduardo de Andrade Goncalves
 
SAP (In)Security: New and Best
SAP (In)Security: New and BestSAP (In)Security: New and Best
SAP (In)Security: New and Best
Positive Hack Days
 
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsPhilippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTs
APNIC
 
Denial of services : limiting the threat
Denial of services : limiting the threatDenial of services : limiting the threat
Denial of services : limiting the threat
SensePost
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS Protection
MarketingArrowECS_CZ
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
SAP security in figures
SAP security in figuresSAP security in figures
SAP security in figures
ERPScan
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
African Cyber Security Summit
 
2012: The End of the World?
2012: The End of the World?2012: The End of the World?
2012: The End of the World?
Saumil Shah
 
Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and oppo...
Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and oppo...Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and oppo...
Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and oppo...
Diego Kreutz
 
[REPORT] Comunicaciones Unificadas y Colaboración (UCC)
[REPORT] Comunicaciones Unificadas y Colaboración (UCC)[REPORT] Comunicaciones Unificadas y Colaboración (UCC)
[REPORT] Comunicaciones Unificadas y Colaboración (UCC)
Quobis
 
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
Quobis
 

More Related Content

Similar to Info secvoip

SAP (In)Security: New and Best
SAP (In)Security: New and BestSAP (In)Security: New and Best
SAP (In)Security: New and Best
Positive Hack Days
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 

Similar to Info secvoip (20)

The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile Security
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
 
The Next Generation Security
The Next Generation SecurityThe Next Generation Security
The Next Generation Security
 
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
EfficientIP presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
 
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
PLNOG 9: Paweł Wachelka - Network protection against DoS/DDoS attacks
 
PALO ALTO presentation used during the SWITCHPOINT NV/SA Quarterly Experience...
PALO ALTO presentation used during the SWITCHPOINT NV/SA Quarterly Experience...PALO ALTO presentation used during the SWITCHPOINT NV/SA Quarterly Experience...
PALO ALTO presentation used during the SWITCHPOINT NV/SA Quarterly Experience...
 
Ride the Light
Ride the LightRide the Light
Ride the Light
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...
 
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet dataPacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
PacNOG 22: Intrusion in cybsecurity - observations from Honeynet data
 
Connecting Syria's Refugees
Connecting Syria's RefugeesConnecting Syria's Refugees
Connecting Syria's Refugees
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
 
SAP (In)Security: New and Best
SAP (In)Security: New and BestSAP (In)Security: New and Best
SAP (In)Security: New and Best
 
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsPhilippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTs
 
Denial of services : limiting the threat
Denial of services : limiting the threatDenial of services : limiting the threat
Denial of services : limiting the threat
 
F5 DDoS Protection
F5 DDoS ProtectionF5 DDoS Protection
F5 DDoS Protection
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
SAP security in figures
SAP security in figuresSAP security in figures
SAP security in figures
 
Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
 
2012: The End of the World?
2012: The End of the World?2012: The End of the World?
2012: The End of the World?
 
Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and oppo...
Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and oppo...Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and oppo...
Identity Providers-as-a-Service built as Cloud-of-Clouds: challenges and oppo...
 

More from Quobis

An hour with WebRTC FIC UDC
An hour with WebRTC FIC UDCAn hour with WebRTC FIC UDC
An hour with WebRTC FIC UDC
Quobis
 
QUOBIS corporate portfolio
QUOBIS corporate portfolioQUOBIS corporate portfolio
QUOBIS corporate portfolio
Quobis
 
Webinar WebRTC HTML5 (english)
Webinar WebRTC HTML5 (english)Webinar WebRTC HTML5 (english)
Webinar WebRTC HTML5 (english)
Quobis
 
Webinar WebRTC y HTML5 (spanish) - Quobis
Webinar WebRTC y HTML5 (spanish) - QuobisWebinar WebRTC y HTML5 (spanish) - Quobis
Webinar WebRTC y HTML5 (spanish) - Quobis
Quobis
 
Presentacion kamailio uvigo_09262011
Presentacion kamailio uvigo_09262011Presentacion kamailio uvigo_09262011
Presentacion kamailio uvigo_09262011
Quobis
 
Webinar seguridad VoIP
Webinar seguridad VoIPWebinar seguridad VoIP
Webinar seguridad VoIP
Quobis
 
¿Cómo está cambiando la industria del call center?
¿Cómo está cambiando la industria del call center?¿Cómo está cambiando la industria del call center?
¿Cómo está cambiando la industria del call center?
Quobis
 
Presentacion vtdm
Presentacion vtdmPresentacion vtdm
Presentacion vtdm
Quobis
 
Presentation MultipleTalk
Presentation MultipleTalkPresentation MultipleTalk
Presentation MultipleTalk
Quobis
 
Quobis webinar Siete avances clave en la operabilidad de redes VoIP y NGN
Quobis webinar Siete avances clave en la operabilidad de redes VoIP y NGNQuobis webinar Siete avances clave en la operabilidad de redes VoIP y NGN
Quobis webinar Siete avances clave en la operabilidad de redes VoIP y NGN
Quobis
 
Presentation TalkStorage
Presentation TalkStoragePresentation TalkStorage
Presentation TalkStorage
Quobis
 
Presentation VoiceInstant
Presentation VoiceInstantPresentation VoiceInstant
Presentation VoiceInstant
Quobis
 
Quobis portfolio corporativo
Quobis portfolio corporativoQuobis portfolio corporativo
Quobis portfolio corporativo
Quobis
 
Quobis profile english 2010
Quobis profile english 2010Quobis profile english 2010
Quobis profile english 2010
Quobis
 

More from Quobis (20)

[REPORT] Comunicaciones Unificadas y Colaboración (UCC)
[REPORT] Comunicaciones Unificadas y Colaboración (UCC)[REPORT] Comunicaciones Unificadas y Colaboración (UCC)
[REPORT] Comunicaciones Unificadas y Colaboración (UCC)
 
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
VOIP2DAY 2015: "WebRTC security concerns, a real problem?"
 
Security and identity management on WebRTC
Security and identity management on WebRTCSecurity and identity management on WebRTC
Security and identity management on WebRTC
 
An hour with WebRTC FIC UDC
An hour with WebRTC FIC UDCAn hour with WebRTC FIC UDC
An hour with WebRTC FIC UDC
 
QUOBIS corporate portfolio
QUOBIS corporate portfolioQUOBIS corporate portfolio
QUOBIS corporate portfolio
 
Webinar WebRTC HTML5 (english)
Webinar WebRTC HTML5 (english)Webinar WebRTC HTML5 (english)
Webinar WebRTC HTML5 (english)
 
Webinar WebRTC y HTML5 (spanish) - Quobis
Webinar WebRTC y HTML5 (spanish) - QuobisWebinar WebRTC y HTML5 (spanish) - Quobis
Webinar WebRTC y HTML5 (spanish) - Quobis
 
Presentacion kamailio uvigo_09262011
Presentacion kamailio uvigo_09262011Presentacion kamailio uvigo_09262011
Presentacion kamailio uvigo_09262011
 
Kamailio practice Quobis-University of Vigo Laboratory of Commutation 2012-2...
Kamailio practice Quobis-University of Vigo Laboratory of Commutation 2012-2...Kamailio practice Quobis-University of Vigo Laboratory of Commutation 2012-2...
Kamailio practice Quobis-University of Vigo Laboratory of Commutation 2012-2...
 
Webinar seguridad VoIP
Webinar seguridad VoIPWebinar seguridad VoIP
Webinar seguridad VoIP
 
¿Cómo está cambiando la industria del call center?
¿Cómo está cambiando la industria del call center?¿Cómo está cambiando la industria del call center?
¿Cómo está cambiando la industria del call center?
 
Presentacion vtdm
Presentacion vtdmPresentacion vtdm
Presentacion vtdm
 
Presentation MultipleTalk
Presentation MultipleTalkPresentation MultipleTalk
Presentation MultipleTalk
 
Quobis webinar Siete avances clave en la operabilidad de redes VoIP y NGN
Quobis webinar Siete avances clave en la operabilidad de redes VoIP y NGNQuobis webinar Siete avances clave en la operabilidad de redes VoIP y NGN
Quobis webinar Siete avances clave en la operabilidad de redes VoIP y NGN
 
Presentation TalkStorage
Presentation TalkStoragePresentation TalkStorage
Presentation TalkStorage
 
Presentation VoiceInstant
Presentation VoiceInstantPresentation VoiceInstant
Presentation VoiceInstant
 
Quobis portfolio corporativo
Quobis portfolio corporativoQuobis portfolio corporativo
Quobis portfolio corporativo
 
Quobis profile english 2010
Quobis profile english 2010Quobis profile english 2010
Quobis profile english 2010
 
Perfil Quobis
Perfil QuobisPerfil Quobis
Perfil Quobis
 
Grupo Exportación Tic Galicia
Grupo Exportación Tic GaliciaGrupo Exportación Tic Galicia
Grupo Exportación Tic Galicia
 

Recently uploaded

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
CzechDreamin
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
David Michel
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
UXDXConf
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
UXDXConf
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
Femke de Vroome
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
CzechDreamin
 

Recently uploaded (20)

Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024Top 10 Symfony Development Companies 2024
Top 10 Symfony Development Companies 2024
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 

Info secvoip

  • 1. InfoSec & VoIP Laboratorio de conmutación Jesús Pérez Rubio jesus.perez@quobis.com @jesusprubio 25/09/2012 http://www.quobis.com
  • 2. Contents - VoIP fraud examples - VoIP threats "in the wild" - VoIP & DoS (flood) - Demo: Metasploit SIPflood module - Countermeasurements - Exercise notes
  • 3. VoIP fraud examples (I) - 1 month -> 60.000 $ - 1/2 day -> 23.000 min. -> 15.000 euros - 46 h. -> 11.000 calls -> 120.000 $ - 500.000 calls -> 1.000.000 $ ... - http://shadowcommunications.co.uk/ (Offline) - 1.500.000 calls - 11.000.000 euros - 42 individuals
  • 5. VoIP threats "in the wild" - NO eavesdropping, password cracking, etc. (this time) -> Encryption - Extension/password brute-force - INVITE attack - Default web panel passwords - DoS/DDoS flood
  • 6. Extension/password brute-force (I)
  • 7. Extension/password brute-force (II)
  • 10. Default web panel passwords (I)
  • 11. Default web panel passwords (II)
  • 12. Default web panel passwords (III)
  • 13. DoS - DoS (Denial of service) - Types: - Communication interruption - Malfomed packets (Teardrop) - Physical destruction - Flood - DDoS - Tools: LOIC, Hulk, Aircrack-ng, Exploit-DB
  • 15. VoIP & DoS - Impact! vs. (web application) - Application layer -> Increase performance - SIP proxy vs. PBX - Tools: - Malformed packets: - Fuzzing (Voiper) - Flood: - Sipvicious - udpflood, inviteflood, rtpflood, iaxflooder - SIPp - Problems: - Old - Diversity of languages -> Complex use/customize - Lack of report generation mechanism
  • 20. Countermeasurements - General - Firewall - Secure passwords - Upgrades - Specific: - Monitoring - Fail2ban - ?¿ module (Kamailio) - IDS/IPS (Snort/Prelude) - Session Border Controller (SBC)
  • 21. References - http://blog.sipvicious.org/2010/12/11-million-euro-loss-in-voip-fraud-and.html -http://www.securitybydefault.com/2012/03/desarrollando-para-metasploit-ii.html - http://code.google.com/p/metasploit/source/browse/sip/sipflood.rb - http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack - http://saghul.net/blog/2010/06/17/deteniendo-un-sip-flood-con-opensips-y-el- modulo-pike/ - http://www.kamailio.org/docs/modules/1.4.x/pike.html - http://kamailio.org/docs/modules/devel/modules/pipelimit.html - http://kamailio.org/docs/modules/1.4.x/ratelimit.html - http://nicerosniunos.blogspot.com.es/2011/09/voip-information-gathering-metasploit. html - http://nicerosniunos.blogspot.com.es/2012/07/bruteforcing-sip-extensions-with.html - http://code.google.com/p/sipvicious/w/list - http://blog.sipvicious.org/ - http://blog.pepelux.org/2012/02/15/asterisk-invite-attack/ - http://www.hackingvoip.com/ - http://www.offensive-security.com/metasploit-unleashed/Main_Page - http://www.securitybydefault.com/2012/09/riesgos-reales-en-voip.html - http://www.backtrack-linux.org/
  • 22. Exercise notes -Option 3: you will configure Kamailio for Drake Island. This island has been a pirate refuge for centuries. This tradition survives and nowadays this island has the world highest cracker rate per km2. Last year we used SIPvicious toolkit to test the security of our Kamailio server. Though simple, it’s quite powerful, hacker community skills improve day after day so you must use more powerful tools. That’s the reason why this year will use the Metasploit modules implemented by our colleague jesus. perez@quobis.com to simulate DoS, DDoS and extension brute-force attacks. Your challenge in the practice option will be implement as many attacks and security methods as you can. The security of this operator is in your hands. The international prefix assigned for Drake Island is: 001788[6-7] - References - Any usefull (not exposed) generic attack/countermeasurement accepted - Metasploit SIP scan module (options.rb) bug -> SIPVicious accepted DEFENSE!! 1 attack vector -> 1 defense mechanism
  • 23. ? Pol. A Granxa P.260 36400 Porriño (Spain) Tlf. +34 902 999 465 SIP://sip.quobis.com http://www.quobis.com