SlideShare a Scribd company logo

Pentesting VoIP

Download as PPTX, PDF
Vengatesh Nagarajan, profile picture
Vengatesh Nagarajan

This document discusses penetration testing of voice over IP (VoIP) systems. It begins with an overview of VoIP, describing how it allows phone calls over the internet and its common protocols like SIP and RTP. It then covers attacks like information gathering, eavesdropping on traffic, VLAN hopping, spoofing caller ID, and denial of service vulnerabilities. The document concludes with a checklist of penetration testing techniques for VoIP systems, such as VLAN hopping, extension enumeration, capturing SIP authentication, eavesdropping on calls, and callerID spoofing.

Technology
1 of 6
Downloaded 10 times
1
2
3
4
5
6
Pentesting voIP
Boring stuffs • allows you to make and receive telephone calls over the Internet • low international phone call rates to other countries • Protocols under voIP: • SIP(UDP -5060) • H.323 • RTP • Skype
• SIP: Requests • INVITE - establish connection • BYE - terminate • REGISTER – indicate client address to server • SIP: Responses • 1xx - responses to requests • 2xx: 200-level responses indicate a successful completion of the request • 3xx: redirection is needed for completion of the request. • 4xx: bad syntax • 5xx: The server failed to fulfil an apparently valid request • 6xx: This is a global failure
Attacks on SIP • Information gathering and foot printing • Eavesdropping and capturing traffic • VLAN hopping • Spoofing Caller ID • Identification of Denial of Service (DoS) vulnerabilities • Authentication Attacks
Demo !!
VoIP Checklist for Penetration Testers • VoIP-001 - VLAN hopping from data network to voice network • VoIP-002 - Extension Enumeration & Number Harvesting • VoIP-003 - Capturing SIP Authentication • VoIP-004 - Eavesdropping Calls • VoIP-005 - CallerID spoofing • VoIP-006 - RTP injection • VoIP-007 - Signaling Manipulation • VoIP-008 - Identification of insecure services • VoIP-009 - Testing for Default Credentials • VoIP-010 - Application level vulnerabilities • VoIP-011 - Voice Mail Attacks • VoIP-012 - Phone Firmware Analysis

More Related Content

PPTX
FreePBX Application Introduce
Zack Chou
 
PDF
Sip 416 (sip proxy server) intro
Hotware International Inc.
 
PPTX
Sip 416 (sip proxy server) intro
Hotware International Inc.
 
PPT
Meletis Belsis - Voip security
Meletis Belsis MPhil/MRes/BSc
 
PPT
Introduction to VoIP Security
n|u - The Open Security Community
 
PPTX
VoIP – vulnerabilities and attacks
n|u - The Open Security Community
 
PPTX
Firewall
lyndyv
 
PPTX
Voice over Internet Protocol.
Fouzia Noor
 
FreePBX Application Introduce
Zack Chou
 
Sip 416 (sip proxy server) intro
Hotware International Inc.
 
Sip 416 (sip proxy server) intro
Hotware International Inc.
 
Meletis Belsis - Voip security
Meletis Belsis MPhil/MRes/BSc
 
Introduction to VoIP Security
n|u - The Open Security Community
 
VoIP – vulnerabilities and attacks
n|u - The Open Security Community
 
Firewall
lyndyv
 
Voice over Internet Protocol.
Fouzia Noor
 

Similar to Pentesting VoIP (20)

PPTX
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days
 
PDF
VOIP services
Pankaj Saharan
 
PPTX
Session Initiation Protocol - In depth analysis
chinmaypadhye1985
 
PDF
BlackHat Hacking - Hacking VoIP.
Sumutiu Marius
 
PPT
1 Vo Ip Overview
Mohsin Fakhar
 
PPT
1 VoIP Overview[1]
William Giba
 
PPT
Introduction To SIP
Chris McAndrew
 
PPTX
Introduction to SIP + SIP Call Flow + SIP Network Entities
MohsinHabib25
 
PDF
Sip Understanding The Session Initiation Protocol 2nd Edition Alan B Johnston
geetunelmars
 
PPT
1 Vo Ip Overview
Mayank Vora
 
PPT
1 Vo I P Overview
Mayank Vora
 
PDF
voip_en
Pierpaolo Palazzoli
 
PPT
VoIP
amilkanthawar
 
PPT
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...
ALTANAI BISHT
 
PPT
Voice Over IP Overview w/Secuirty
Christopher Duffy
 
PPTX
SIP security in IP telephony
PaloSanto Solutions
 
PPT
VoIPER: Smashing the VoIP stack while you sleep
guestad6e9e
 
PDF
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
pseudor00t overflow
 
PPTX
An approach to mitigate DDoS attacks on SIP.pptx
amalouwarda1
 
PDF
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
Sean Flores
 
Positive Hack Days. Gritsai. VOIP insecurities workshop
Positive Hack Days
 
VOIP services
Pankaj Saharan
 
Session Initiation Protocol - In depth analysis
chinmaypadhye1985
 
BlackHat Hacking - Hacking VoIP.
Sumutiu Marius
 
1 Vo Ip Overview
Mohsin Fakhar
 
1 VoIP Overview[1]
William Giba
 
Introduction To SIP
Chris McAndrew
 
Introduction to SIP + SIP Call Flow + SIP Network Entities
MohsinHabib25
 
Sip Understanding The Session Initiation Protocol 2nd Edition Alan B Johnston
geetunelmars
 
1 Vo Ip Overview
Mayank Vora
 
1 Vo I P Overview
Mayank Vora
 
voip_en
Pierpaolo Palazzoli
 
VoIP
amilkanthawar
 
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...
ALTANAI BISHT
 
Voice Over IP Overview w/Secuirty
Christopher Duffy
 
SIP security in IP telephony
PaloSanto Solutions
 
VoIPER: Smashing the VoIP stack while you sleep
guestad6e9e
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
pseudor00t overflow
 
An approach to mitigate DDoS attacks on SIP.pptx
amalouwarda1
 
AN OVERVIEW OF VOICE OVER INTERNET PROTOCOL (VOIP
Sean Flores
 
Ad

Recently uploaded (20)

PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPT
Teaching material agriculture food technology
LiaRayya
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Approach and Philosophy of On baking technology
30anthuong17
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Teaching material agriculture food technology
LiaRayya
 
Ad

Pentesting VoIP

  • 2. Boring stuffs • allows you to make and receive telephone calls over the Internet • low international phone call rates to other countries • Protocols under voIP: • SIP(UDP -5060) • H.323 • RTP • Skype
  • 3. • SIP: Requests • INVITE - establish connection • BYE - terminate • REGISTER – indicate client address to server • SIP: Responses • 1xx - responses to requests • 2xx: 200-level responses indicate a successful completion of the request • 3xx: redirection is needed for completion of the request. • 4xx: bad syntax • 5xx: The server failed to fulfil an apparently valid request • 6xx: This is a global failure
  • 4. Attacks on SIP • Information gathering and foot printing • Eavesdropping and capturing traffic • VLAN hopping • Spoofing Caller ID • Identification of Denial of Service (DoS) vulnerabilities • Authentication Attacks
  • 6. VoIP Checklist for Penetration Testers • VoIP-001 - VLAN hopping from data network to voice network • VoIP-002 - Extension Enumeration & Number Harvesting • VoIP-003 - Capturing SIP Authentication • VoIP-004 - Eavesdropping Calls • VoIP-005 - CallerID spoofing • VoIP-006 - RTP injection • VoIP-007 - Signaling Manipulation • VoIP-008 - Identification of insecure services • VoIP-009 - Testing for Default Credentials • VoIP-010 - Application level vulnerabilities • VoIP-011 - Voice Mail Attacks • VoIP-012 - Phone Firmware Analysis