CEH.V6.-.Module.38.VoIP.Hacking

Reproduction is strictly prohibited eavesdropping

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Invalid Packet DoS • It sends VoIP servers or endpoints invalid packets that exploit device OS and TCP/IP EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Eavesdropping Attack that allows to capture the data stream among VoIP endpoints without altering the data da Eavesdropping is used for: Call Pattern Tracking Traffic Capture EC-Council • An illegal data traffic produced by the node or nodes on the network that includes theft and deceiving activities like phishing • It is an unauthorized way of recording data traffic Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Eavesdropping (cont’d) Number Harvesting • It is an unauthorized capturing of numbers and email addresses Voicemail Reconstruction • It is an unauthorized monitoring, recording, recognition, interpretation, and translation of any voice mail message Fax Reconstruction • It is the illegal interpretation, translation, and feature extraction of any document image EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Eavesdropping (cont’d) Video Reconstruction Text Text Reconstruction Conversation Reconstruction EC-Council • It is the unauthorized recording, storage, interpretation, and feature extraction of moving images • It is the unlawful monitoring, storage, recognition, translation and feature extraction of text in containing identity, presence or status • It is the illegal recording, storage, recognition, interpretation, and feature extraction of voice portion communication communication system Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Packet Spoofing and Masquerading Masquerading Packet Spoofing and Masquerading is sending the IP packets with fake source addresses Packet Packet Spoofing and Masquerading is used to: • Misconfigure the origin of the packet while attacking • Connect as another system as the attack originator • Masquerade as a trusted system by manipulating of Caller ID or Call Line Identification (CLID) • Intercept or hijack network traffic • Direct response to another system and • Perform “man-in-the-middle” spoofing attacks EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Packet Spoofing and Masquerading Masquerading (cont’d) From: Fake source To: Victim Attacker Victim EC-Council From: Victim To: Fake source Fake source Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Replay Attack Replay Replay Attack captures a valid packet with the intent of replaying in the network Attackers can use replay attacks for: • Capturing the entry point to the target network to eavesdrop or other attack purposes • Packet spoofing and masquerading VoIP network is prone to such attacks if no message integrity integrity checking is conducted EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Call Redirection and Hijacking In In call redirection and hijacking, an attacker an redirects a call intended for a user Attack Scenarios • Registration Hijacking • It occurs when an attacker impersonates a valid UA (User Agent) to a registrar and replaces the registration with its own address • Proxy Impersonation • It occurs when an attacker tricks a SIP UA or proxy into communicating with a rogue proxy EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Call Redirection and Hijacking (cont’d) Toll Fraud • Rogue or legitimate VoIP endpoint uses a VoIP server to place unauthorized toll calls over the PSTN Message Tampering • Capture, modify, and relay unauthenticated VoIP packets to/from endpoints VoIP Protocol Implementation Attacks • Sends invalid packets to VoI...
View Full Document

This note was uploaded on 02/12/2013 for the course CEH v6 taught by Professor John during the Summer '13 term at West Point.

Ask a homework question - tutors are online