CEH.V6.-.Module.38.VoIP.Hacking

Reproduction is strictly prohibited call redirection

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: P servers or endpoints Rogue VoIP Endpoint Attack • Rogue IP endpoint contacts VoIP server by leveraging stolen or guessed identities, credentials, and network access EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Call Redirection and Hijacking (cont’d) Registration Hijacking EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited ARP Spoofing A rogue IP device IP can spoof a normal IP device by sending unsolicited ARP replies to a target host EC-Council Unsolicited ARP reply contains the hardware address of the normal device and the IP address of the malicious device An attacker can use ARP Spoofing to capture, analyze, and eavesdrop into VoIP communications Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited ARP Spoofing (cont’d) ARP redirection • Operates bidirectionally wherein a bidi spoofing device can insert itself in the middle of a conversation between two IP devices on a switched network it ARP hijacking • It hijacks a user’s VoIP Subscription and subsequent Voice Voice communications traversing the internal IP network EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited ARP Spoofing Attack EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited ARP Spoofing Attack (cont’d) EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Service Interception Service interception is a sudden, unlawful interception of VoIP services It occurs due to: • Compromise of PBX hosts and voice gateways • Poor control, detection, and management systems • Poor security awareness and practices and • Poor physical security EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Service Interception (cont’d) Threats include: Attacks against VoIP devices operating systems Configuration weaknesses in VoIP devices VoIP protocol implementation vulnerabilities EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited H.323-Specific Attacks Implementation of H.323 message parsers results in security vulnerabilities in the H.323 suite th EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited SIP Security Vulnerabilities SIP is an unstructured text-based protocol and prone to Vulnerabilities identified in: • INVITE message used by two SIP endpoints • SSL implementation in SIP proxy server is vulnerable to an ASN.1 BER BER decoding error EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited SIP Attacks Registration Hijacking • An attacker sniffs a REGISTER message from a valid user and modifies it with its own address as the contact address IP Spoofing/Call Fraud • An attacker impersonates another valid user with spoofed ID and sends an INVITE or REGISTER message • If SIP messages are sent in clear text, it is difficult to block IP it spoofing EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited SIP Attacks (cont’d) Weakness of Digest Authentication • Since it is based on MD5 digest algorithm being weak, it cannot provide high security INVITE Flooding • An attacker sends INVITE messages with a fake address and paralyzes the user terminal or SIP proxy server BYE Denial of Service • An attacker sniffs valid INVITE messages to counterfeit a valid BYE message and sends it to one of the communicating parties EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited SIP Attacks (cont’d) RTP Flooding • An attacker makes fake RTP packets and bombards RTP either of the ends with th...
View Full Document

This note was uploaded on 02/12/2013 for the course CEH v6 taught by Professor John during the Summer '13 term at West Point.

Ask a homework question - tutors are online