CEH.V6.-.Module.38.VoIP.Hacking

Reproduction is strictly prohibited how to insert

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: with SIP SIP pretended legitimate SIP endpoint Attack Steps: • Trick a SIP phone or SIP proxy into communicating with a rogue application • Provide a rogue application that can properly mimic the behavior of a SIP phone and /or SIP proxy EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited How to Insert Rogue Application Network-level MITM attacks: • Used to trick a SIP phone or SIP proxy into communicating with a rogue application Registration hijacking: • It refers to a situation where an attacker replaces legitimate registration with a false one Redirection response attacks: • Can cause inbound calls to go to a rogue application rather than the legitimate SIP phone, an attacker replies to a SIP an INVITE with a certain response SIP phone reconfiguration: Physical access to the access to network: EC-Council • When a user makes a call, it will communicate with the rogue application, rather than legitimate proxy • If you have physical access to the wire connecting a SIP endpoint to the network switch, you can insert a PC acting th PC as an inline bridge Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited SIP Rogue Application View and modify signaling and media by tricking SIP proxies and SIP phones into talking to rogue applications Rogue Rogue SIP Back-to-Back-User Agent (B2BUA): • Performs like a user agent/SIP phone and can get between SIP proxy proxy and SIP phone • It is “inline” on all signalling and media Rogue SIP proxy: • Performs also like a SIP proxy • It is “inline” on all signaling exchanged with it on EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Listening to/Recording Calls Set Set up a test bed with two proxies, each of which served several SIP phones To perform this attack: • Insert sip_rouge application in the middle • Run the application on the hacker system and relay calls to the original intended recipient • Commands to configure the sip_rouge application • Issue<sipEndPointName> accept calls [after ringing for<number><number>seconds] EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Replacing/Mixing Audio Use sip_rogue application to insert or mix in audio sip_rogue application can drop and replace with the legitimate recorded one during the call Attackers can vary the amplitude of the mixed audio causing it to “drown out” the legitimate audio or sound Attacker can mix in noise creating a perception that VoIP system is behaving poorly EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Dropping Calls with a Rogue SIP Proxy Proxy Configure sip_rogue application as a Sip proxy and insert it in the signalling stream between a SIP phone and SIP proxy Attacker can record signalling, redirect calls, and selectively drop calls Configure sip_rogue application to drop all calls Commands required to configure sip_rogue application: sip_rogue telnet localhost 6060 connection 0 create sipudpport port create sipdispatcher disp create sipregistrar reg 10.1.101.1 issue port hold EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Randomly Redirect Calls with a Rogue SIP Proxy Configure sip_rogue application to randomly redirect calls Commands to cause sip_rogue application for randomly redirect calls: sip_rogue telnet localhost 6060 localhost 6060 connection 0 create sipudpport port create sipdispatcher disp create sipregistrar reg 10.1.101.1 sipregistrar reg 10 issue reg randomize EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Additional Attacks with a Rogue Rogue SIP Proxy sip_rogue application c...
View Full Document

Ask a homework question - tutors are online