SlideShare una empresa de Scribd logo

Pentesting VoIP

Descargar como PPTX, PDF
Vengatesh Nagarajan
Vengatesh Nagarajan

*Basics *Attack scenarios *Attack methods

Tecnología
1 de 6
Pentesting voIP
Boring stuffs • allows you to make and receive telephone calls over the Internet • low international phone call rates to other countries • Protocols under voIP: • SIP(UDP -5060) • H.323 • RTP • Skype
• SIP: Requests • INVITE - establish connection • BYE - terminate • REGISTER – indicate client address to server • SIP: Responses • 1xx - responses to requests • 2xx: 200-level responses indicate a successful completion of the request • 3xx: redirection is needed for completion of the request. • 4xx: bad syntax • 5xx: The server failed to fulfil an apparently valid request • 6xx: This is a global failure
Attacks on SIP • Information gathering and foot printing • Eavesdropping and capturing traffic • VLAN hopping • Spoofing Caller ID • Identification of Denial of Service (DoS) vulnerabilities • Authentication Attacks
Demo !!
VoIP Checklist for Penetration Testers • VoIP-001 - VLAN hopping from data network to voice network • VoIP-002 - Extension Enumeration & Number Harvesting • VoIP-003 - Capturing SIP Authentication • VoIP-004 - Eavesdropping Calls • VoIP-005 - CallerID spoofing • VoIP-006 - RTP injection • VoIP-007 - Signaling Manipulation • VoIP-008 - Identification of insecure services • VoIP-009 - Testing for Default Credentials • VoIP-010 - Application level vulnerabilities • VoIP-011 - Voice Mail Attacks • VoIP-012 - Phone Firmware Analysis

Recomendados

FreePBX Application Introduce
FreePBX Application IntroduceFreePBX Application Introduce
FreePBX Application IntroduceZack Chou
 
Sip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introSip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introHotware International Inc.
 
Sip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introSip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introHotware International Inc.
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis MPhil/MRes/BSc
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Securityn|u - The Open Security Community
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksn|u - The Open Security Community
 
Firewall
FirewallFirewall
Firewalllyndyv
 
Voice over Internet Protocol.
Voice over Internet Protocol.Voice over Internet Protocol.
Voice over Internet Protocol.Fouzia Noor
 

Recomendados

FreePBX Application Introduce
FreePBX Application IntroduceFreePBX Application Introduce
FreePBX Application IntroduceZack Chou
 
Sip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introSip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introHotware International Inc.
 
Sip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introSip 416 (sip proxy server) intro
Sip 416 (sip proxy server) introHotware International Inc.
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis MPhil/MRes/BSc
 
Introduction to VoIP Security
Introduction to VoIP SecurityIntroduction to VoIP Security
Introduction to VoIP Securityn|u - The Open Security Community
 
VoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksVoIP – vulnerabilities and attacks
VoIP – vulnerabilities and attacksn|u - The Open Security Community
 
Firewall
FirewallFirewall
Firewalllyndyv
 
Voice over Internet Protocol.
Voice over Internet Protocol.Voice over Internet Protocol.
Voice over Internet Protocol.Fouzia Noor
 
How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...Askozia
 
Sip & its application
Sip & its applicationSip & its application
Sip & its applicationPoulami Pal
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
VOIP services
VOIP servicesVOIP services
VOIP servicesPankaj Saharan
 
Voip
VoipVoip
VoipHardik Kakadiya
 
Voip
VoipVoip
VoipHardik Kakadiya
 
The Role of SBC in Fraud Protection
The Role of SBC in Fraud ProtectionThe Role of SBC in Fraud Protection
The Role of SBC in Fraud ProtectionAlan Percy
 
The Role of SBCs in Fraud Protection
The Role of SBCs in Fraud ProtectionThe Role of SBCs in Fraud Protection
The Role of SBCs in Fraud ProtectionTelcoBridges Inc.
 
VoIP
VoIPVoIP
VoIPamilkanthawar
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tDefcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tpseudor00t overflow
 
Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP) Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP) Michael St. John
 
Secure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishSecure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishAskozia
 
Voip
VoipVoip
VoipAbd17m
 
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days
 
An Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las VegasAn Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las VegasAndrea Scarfo
 
DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000Dinstar India
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
VOIP Pros & Cons
VOIP Pros & ConsVOIP Pros & Cons
VOIP Pros & ConsZakaria Hasan
 
Mobile Dialer by Voxvalley
Mobile Dialer by VoxvalleyMobile Dialer by Voxvalley
Mobile Dialer by VoxvalleyVoxvalley .
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)Fatih Ozavci
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Más contenido relacionado

Similar a Pentesting VoIP

How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...Askozia
 
Sip & its application
Sip & its applicationSip & its application
Sip & its applicationPoulami Pal
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
The Role of SBC in Fraud Protection
The Role of SBC in Fraud ProtectionThe Role of SBC in Fraud Protection
The Role of SBC in Fraud ProtectionAlan Percy
 
The Role of SBCs in Fraud Protection
The Role of SBCs in Fraud ProtectionThe Role of SBCs in Fraud Protection
The Role of SBCs in Fraud ProtectionTelcoBridges Inc.
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tDefcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tpseudor00t overflow
 
Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP) Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP) Michael St. John
 
Secure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishSecure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishAskozia
 
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days
 
An Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las VegasAn Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las VegasAndrea Scarfo
 
DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000Dinstar India
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesFatih Ozavci
 
Mobile Dialer by Voxvalley
Mobile Dialer by VoxvalleyMobile Dialer by Voxvalley
Mobile Dialer by VoxvalleyVoxvalley .
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)Fatih Ozavci
 

Similar a Pentesting VoIP (20)

How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...How to protect your business telephony from cyber attacks - webinar 2017, Eng...
How to protect your business telephony from cyber attacks - webinar 2017, Eng...
 
Sip & its application
Sip & its applicationSip & its application
Sip & its application
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
VOIP services
VOIP servicesVOIP services
VOIP services
 
Voip
VoipVoip
Voip
 
Voip
VoipVoip
Voip
 
The Role of SBC in Fraud Protection
The Role of SBC in Fraud ProtectionThe Role of SBC in Fraud Protection
The Role of SBC in Fraud Protection
 
The Role of SBCs in Fraud Protection
The Role of SBCs in Fraud ProtectionThe Role of SBCs in Fraud Protection
The Role of SBCs in Fraud Protection
 
VoIP
VoIPVoIP
VoIP
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tDefcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
 
Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP) Implementing Voice Over Internet Protocol(VOIP)
Implementing Voice Over Internet Protocol(VOIP)
 
Secure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishSecure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, English
 
Voip
VoipVoip
Voip
 
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshopPositive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days. Gritsai. VOIP insecurities workshop
 
An Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las VegasAn Evolving Era of Botnet Empires @ BSides Las Vegas
An Evolving Era of Botnet Empires @ BSides Las Vegas
 
DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000DinstarIndia Session Border Controller 1000
DinstarIndia Session Border Controller 1000
 
VoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco PhonesVoIP Wars: Attack of the Cisco Phones
VoIP Wars: Attack of the Cisco Phones
 
VOIP Pros & Cons
VOIP Pros & ConsVOIP Pros & Cons
VOIP Pros & Cons
 
Mobile Dialer by Voxvalley
Mobile Dialer by VoxvalleyMobile Dialer by Voxvalley
Mobile Dialer by Voxvalley
 
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)VoIP Wars: Destroying Jar Jar Lync (Filtered version)
VoIP Wars: Destroying Jar Jar Lync (Filtered version)
 

Último

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Último (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Pentesting VoIP

  • 2. Boring stuffs • allows you to make and receive telephone calls over the Internet • low international phone call rates to other countries • Protocols under voIP: • SIP(UDP -5060) • H.323 • RTP • Skype
  • 3. • SIP: Requests • INVITE - establish connection • BYE - terminate • REGISTER – indicate client address to server • SIP: Responses • 1xx - responses to requests • 2xx: 200-level responses indicate a successful completion of the request • 3xx: redirection is needed for completion of the request. • 4xx: bad syntax • 5xx: The server failed to fulfil an apparently valid request • 6xx: This is a global failure
  • 4. Attacks on SIP • Information gathering and foot printing • Eavesdropping and capturing traffic • VLAN hopping • Spoofing Caller ID • Identification of Denial of Service (DoS) vulnerabilities • Authentication Attacks
  • 6. VoIP Checklist for Penetration Testers • VoIP-001 - VLAN hopping from data network to voice network • VoIP-002 - Extension Enumeration & Number Harvesting • VoIP-003 - Capturing SIP Authentication • VoIP-004 - Eavesdropping Calls • VoIP-005 - CallerID spoofing • VoIP-006 - RTP injection • VoIP-007 - Signaling Manipulation • VoIP-008 - Identification of insecure services • VoIP-009 - Testing for Default Credentials • VoIP-010 - Application level vulnerabilities • VoIP-011 - Voice Mail Attacks • VoIP-012 - Phone Firmware Analysis