CEH.V6.-.Module.38.VoIP.Hacking


an perform other attacks, when configured as a rogue SIP proxy

Few signalling attacks:
• Sending all calls through a rogue B2BUA
• Negotiating not using media encryption
• Selectively dropping calls
• Creating a database of a key user’s calling patterns
• Monitoring signaling for passwords and keys

EC-Council. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

What is Fuzzing

Fuzzing is the method for finding bugs and vulnerabilities by creating different types of packets for the target protocol that push the protocol's specifications to the breaking point

Also known as Robustness testing or Functional protocol testing

For efficient fuzzing, create representative test cases

Why Fuzzing

To find the security vulnerabilities and robustness of vendor’s software applications

To find the exploitable problems with potentially deployed VoIP applications

To find the common vulnerabilities such as:
• Buffer overflows
• Format string vulnerability
• Integer overflow
• Endless Loops and logic errors

Commercial VoIP Fuzzing Tools

Codenomicon test tool (http://www.Codenomicon.com)
Musecurity’s Mu-4000 (http://www.Musecurity.com)
Beyond security’s BeStorm (http://www.Beyondsecurity.com)
Gleg.net’s ProtoVer Professional (http://www.Gleg.net/)
Security Innovations Hydra (http://www.Securityinnovation.com)
Sipera systems LAVA (http://www.Sipera.com)

Signaling and Media Manipulation

An attacker manipulates SIP signaling or media to hijack or otherwise manipulate calls

Common attacks:
• Registration Removal
• Registration Addition

Registration Removal with erase_registrations Tool

erase_registrations tool sends a properly crafted REGISTER request for a SIP phone to a SIP proxy

Attacks:

Simple Registration Removal
• erase_registrations tool erases the registrations for one or all of the SIP phones

Registration Removal Race Condition
• It is defeated when a SIP phone re-registers itself

Registration Removal with SiVuS
• Use SiVuS to erase registrations

Registration Addition with add_registrations Tool

add_registrations tool sends a properly crafted REGISTER request, containing a new contact for a user

Attacks:

Annoying Users by Adding New Contacts
• It adds one or more contacts for one or more SIP phones, so that when the intended user receives an inbound call, multiple SIP phones will ring

Basic Registration Hijacking
• It can be used to add a new contact, performing a basic registration hijacking attack

Registration Addition with SiVuS
• Use SiVuS to create a REGISTER request for the current registration while adding a new contact

VoIP Phishing

VoIP Phishing involves an attacker setting up a fake IVR (Interactive Voice Response) trying to glean the victims’ account number

Also known as vishing

Attacker tricks victims into entering sensitive information such as:
• PIN number
• Account number
• SSN

Covering The Tracks

Covering Tracks

Once intruders have successfully gained Administrator’s access on a system, they will try to cover the detection of their presence

When all the information of interest has been stripped off from the target, the intruder installs several backdoors so that he can gain easy access in the future

Summary

Footprinting is the process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment

Hacker generally tries to gain information about the possible supporting infrastructure before launching an attack

Fuzzing is the method for finding bugs and vulnerabilities by creating different types of packets for the target protocol that push the protocol's specifications to the breaking point

VoIP Phishing involves an attacker setting up a fake IVR (Interactive Voice Response) trying to glean the victims’ account number

In MITM attack, an attacker is able to insert himself/herself between two communicating parties to eavesdrop and/or alter the data traveling between them without their knowledge
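The registration removal and addition slides above both rely on a REGISTER request arriving at the proxy; in SIP (RFC 3261) a binding is removed by a contact with expiry 0, and "Contact: *" with "Expires: 0" removes all of them. The following is an added detection example, not part of the slides or of the tools they name: it replays REGISTER requests and flags removals sent from a host other than the bound phone and contacts added on a new host. The addresses, the example.test domain, the helper names and the 3600-second default expiry are assumptions.

```python
import re
URI = re.compile(r"sips?:[^>;\s]+")

def parse_register(raw):  # -> (aor, [(contact_uri, expires)]) or None
    head = raw.split("\r\n\r\n")[0].split("\r\n")
    if not head[0].startswith("REGISTER "):
        return None
    hdrs = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        hdrs.setdefault(name.strip().lower(), []).append(value.strip())
    default = int(hdrs.get("expires", ["3600"])[0])  # 3600: assumed registrar default
    contacts = []
    for item in filter(str.strip, ",".join(hdrs.get("contact", [])).split(",")):
        m = re.search(r";\s*expires=(\d+)", item)
        uri = "*" if item.strip() == "*" else URI.search(item).group(0)
        contacts.append((uri, int(m.group(1)) if m else default))
    return URI.search(hdrs["to"][0]).group(0), contacts

def host_of(uri):
    return re.sub(r"^sips?:", "", uri).split("@")[-1].split(":")[0]

def audit(events):  # events: (source_ip, raw_message) pairs in arrival order
    bindings, alerts = {}, []
    for src, raw in events:
        aor, contacts = parse_register(raw) or (None, [])  # skip non-REGISTER
        known = bindings.setdefault(aor, set())
        for uri, exp in contacts:
            if exp == 0:  # expiry 0 removes a binding; "*" removes all of them
                targets = set(known) if uri == "*" else {uri}
                if any(host_of(t) != src for t in targets):
                    alerts.append(("removal-by-third-party", aor, src))
                known -= targets
            elif uri != "*":
                if known and host_of(uri) not in {host_of(k) for k in known}:
                    alerts.append(("additional-contact", aor, src))
                known.add(uri)
    return alerts

def reg(contact, expires=None):  # builds one constructed REGISTER for alice
    exp = f"Expires: {expires}\r\n" if expires is not None else ""
    return ("REGISTER sip:example.test SIP/2.0\r\nTo: <sip:alice@example.test>\r\n"
            f"Contact: {contact}\r\n{exp}\r\n")

PHONE, OTHER = "192.0.2.10", "192.0.2.66"  # constructed documentation addresses
SAMPLE = [(PHONE, reg(f"<sip:alice@{PHONE}:5060>", 3600)), (OTHER, reg("*", 0)),
          (PHONE, reg(f"<sip:alice@{PHONE}:5060>", 3600)),
          (OTHER, reg(f"<sip:alice@{OTHER}:5060>;expires=3600")),
          (PHONE, reg(f"<sip:alice@{PHONE}:5060>;expires=0"))]
```

Calling audit(SAMPLE) returns two alerts, both for source 192.0.2.66; the phone's own re-registration and its own de-registration raise none. Legitimate multi-device users also produce additional-contact alerts, so treat those as items for review.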

This note was uploaded on 02/12/2013 for the course CEH v6 taught by Professor John during the Summer '13 term at West Point.
