Hacking VoIP Protocols, Attacks, and Countermeasures
Voice Over Internet Protocol (VoIP) networks, the technology used to place phone calls through the Internet, suffer from the same security holes as standard IP networks, as well as new threats specific to telephony. In addition to attacks on network availability and authentication, administrators mu...
| Main Author: | |
|---|---|
| Format: | eBook |
| Language: | Inglés |
| Published: |
San Francisco :
No Starch Press
2008.
|
| Edition: | 1st ed |
| Subjects: | |
| See on Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627612406719 |
Table of Contents:
- Acknowledgments; Introduction; Book Overview; Lab Setup; SIP/IAX/H.323 Server; SIP Setup; H.323 Setup (Ekiga); IAX Setup; 1: An Introduction to VoIP Security; Why VoIP; VoIP Basics; How It Works; Protocols; Deployments; VoIP Security Basics; Authentication; Authorization; Availability; Encryption; Attack Vectors; Summary; PART I: VoIP Protocols; 2: Signaling: SIP Security; SIP Basics; SIP Messages; Making a VoIP Call with SIP Methods; Registration; The INVITE Request; Enumeration and Registration; Enumerating SIP Devices on a Network; Registering with Identified SIP Devices; Authentication
- EncryptionSIP Security Attacks; Username Enumeration; SIP Password Retrieval; Man-in-the-Middle Attack; Registration Hijacking; Spoofing SIP Proxy Servers and Registrars; Denial of Service via BYE Message; Denial of Service via REGISTER; Denial of Service via Un-register; Fuzzing SIP; Summary; 3: Signaling: H.323 Security; H.323 Security Basics; Enumeration; Authentication; Authorization; H.323 Security Attacks; Username Enumeration (H.323 ID); H.323 Password Retrieval; H.323 Replay Attack; H.323 Endpoint Spoofing (E.164 Alias); E.164 Alias Enumeration; E.164 Hopping Attacks
- Denial of Service via NTPDenial of Service via UDP (H.225 Registration Reject); Denial of Service via Host Unreachable Packets; Denial of Service via H.225 nonStandardMessage; Summary; 4: Media: RTP Security; RTP Basics; RTP Security Attacks; Passive Eavesdropping; Active Eavesdropping; Denial of Service; Summary; 5: Signaling and Media: IAX Security; IAX Authentication; IAX Security Attacks; Username Enumeration; Offline Dictionary Attack; Active Dictionary Attack; IAX Man-in-the-Middle Attack; MD5-to-Plaintext Downgrade Attack; Denial of Service Attacks; Summary
- PART II: VoIP Security Threats6: Attacking VoIP Infrastructure; Vendor-Specific VoIP Sniffing; Hard Phones; Compromising the Phone's Configuration File; Uploading a Malicious Configuration File; Exploiting Weaknesses of SNMP; Cisco CallManager and Avaya Call Center; Using Nmap to Scan VoIP Devices; Scanning Web Management Interfaces with Nikto; Discovering Vulnerable Services with Nessus; Modular Messaging Voicemail System; Infrastructure Server Impersonation; Spoofing SIP Proxies and Registrars; Redirecting H.323 Gatekeepers; Summary; 7: Unconventional VoIP Security Threats; VoIP Phishing
- Spreading the MessageReceiving the Calls; Making Free Calls; Caller ID Spoofing; Example 1; Example 2; Example 3; Example 4; Anonymous Eavesdropping and Call Redirection; Spam Over Internet Telephony; SPIT and the City; Lightweight SPIT with Skype/Google Talk; Summary; 8: Home VoIP Solutions; Commercial VoIP Solutions; Vonage; Voice Injection (RTP); Username/Password Retrieval (SIP); PC-Based VoIP Solutions; Yahoo! Messenger; Google Talk; Microsoft Live Messenger; Skype; SOHO Phone Solutions; Summary; PART III: Assess and Secure VoIP; 9: Securing VoIP; SIP over SSL/TLS; Secure RTP
- SRTP and Media Protection with AES Cipher
