"We are more secure than a regular phone line."
Expand all |
Post comment
|
Two attacks against VoIP
"We are more secure than a regular phone line."
Expand all |
Post comment
|
|
|
Privacy Statement |
1. Hijack a user's VoIP Subscription
As to be seen on beginning of page 2 the author describes an attack on a SIP Proxy without user authentication!
"This attack can be successful even if the remote SIP proxy server requires authentication of user registration, because the SIP messages are transmitted in the clear and can be captured, modified and replayed."
This is also false if we discuss an actual SIP-Proxy implementation.
E. g. a standard asterisk SIP-Proxy will always reply with a "SIP/2.0 401 Unauthorized", also submitting a digest and a realm value. The client then has to authenticate using a response value which is normally a MD5 Hash consisting of Username, Password, nonce, HTTP Request Method and Request URI.
This prevents the describend attacks.
2. Eavesdropping
Right, in a switched network environment the attack is easy as described.
BUT: Any other service using IP is also "vulnerable"! This is NOT a VoIP-Problem in the first row if ARP-Poisoning is possible. This is a problem of your LAN-implementation.
If I would have a choice between sniffing IP Traffic between CIO and File-Server using SMB or CEO and his/her secretary using RTP, I definitely would choose SMB-Traffic.
Conclusion:
Use a "state of the art" SIP-Proxy implementation using authentication (of course you already have one), secure your LAN-environment e.g. using VLANs to seperate, 802.1x to authenticate and so on. This is sth. we're preaching since years.
Cheers,
Toby
tglemser (at) tele-consulting (dot) com [email concealed]
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1862/507#507