Clues for Jan 15th Hacking VoIP
#HackingVoip For an attack on VoIP to be possible, only one side of the conversation needs to be using VoIP
#HackingVoip The use of cleartext protocols, the lack of proper authentication, and the complexity of deploying strong end-to-end security
#HackingVoip Listening to a voicemail system using insecure VoIP phones allows any person on the local segment to listen as well
#HackingVoip Insecure wireless access points and insecure VoIP technology can allow [anyone] to listen to your phones calls
#HackingVoip Organizations limit the spread of sensitive user information across their data networks. Voice networks using IP should, too
#HackingVoip IAX is the one protocol that does both session setup and media transfer
#HackingVoip Once the session is set up using SIP or H.323, the call is sent to the media protocol, which is RTP
#HackingVoip SIP is designed similar to HTTP, where methods like REGISTER, INVITE, FORWARD, LOOKUP, and BYE are used to set up call
#HackingVoip H.323 uses a collection of subprotocols, such as H.225, H.245, H.450, H.239, and H.460, to perform the session setup
#HackingVoip IAX does not use RTP for media transfer because the support is built into the protocol itself
#HackingVoip Usually digital phones are in business environments, analog in home environments. Neither are VoIP hard phones.
#HackingVoip SIP hard/soft phones are usually know as User Agents, while H.323 hard/soft phones are usually referred to as endpoints
#HackingVoip The authentication process in most VoIP deployment occurs at the session layer (SIP, H323, IAX).
#HackingVoip The most common default authentication for SIP is Digest authentication.
#HackingVoip When two phones are calling each other, they authenticate not to each other but to intermediate support servers.
#HackingVoip MAC addresses are sometimes used to authorize certain devices on VoIP networks.
#HackingVoip Encrypting VoIP traffic in both segments is often required. Authentication in SIP (signaling), audio in media (RTP)
#HackingVoip SIP usually listens on TCP or UDP port5060, but it can be configured to any port desired.
#HackingVoip Network port scanners can be used to enumerate SIP User Agents, Registrars, Proxy servers, and other SIP-enabled systems.
#HackingVoip ability to spoof a legitimate gatekeeper, Registrar, Proxy server, or other VoIP authentication entity can be quite harmful
#HackingVoip An attacker can monitor the network simply force a reboot by performing a DoS attack on the endpoint
#HackingVoip Infrastructure immune to users sniffing on the network or security attacks on TFTP, DNS, and DHCP is desperately needed