HAck inG “i cAn HeAr You now.” H A voiP c k HimAnsHu i Protocols, AttAcks, And countermeAsures dwivedi n G Voice over Internet Protocol (VoIP) networks security assessment tools, the inherent vulner- have freed users from the tyranny of big telecom, abilities of common hardware and software v allowing people to make phone calls over the packages, and how to: Internet at very low or no cost. But while VoIP is o > Identify and defend against VoIP security easy and cheap, it’s notoriously lacking in secu- attacks such as eavesdropping, audio injection, i rity. With minimal effort, hackers can eavesdrop caller ID spoofing, and VoIP phishing P on conversations, disrupt phone calls, change > Audit VoIP network security caller IDs, insert unwanted audio into existing > Assess the security of enterprise-level VoIP phone calls, and access sensitive information. networks such as Cisco, Avaya, and Asterisk, Hacking VoIP takes a dual approach to VoIP and home VoIP solutions like Yahoo! and security, explaining its many security holes to Vonage hackers and administrators. If you’re serious > Use common VoIP protocols like H.323, SIP, about security, and you either use or administer and RTP as well as unique protocols like IAX VoIP, you should know where VoIP’s biggest > Identify the many vulnerabilities in any VoIP weaknesses lie and how to shore up your security. network And if your intellectual curiosity is leading you to explore the boundaries of VoIP, Hacking VoIP is Whether you’re setting up and defending your your map and guidebook. VoIP network against attacks or just having sick Hacking VoIP will introduce you to every aspect fun testing the limits of VoIP networks, Hacking of VoIP security, both in home and enterprise VoIP is your go-to source for every aspect of VoIP implementations. You’ll learn about popular security and defense. HimAnsHu dwivedi is a leading security expert and researcher. He has written four additional books, Hacking Exposed: Web 2.0 (mcGraw-Hill), Securing Storage (Addison wesley), Hacker’s Challenge 3 (mcGraw-Hill), and Implementing SSH (wiley). A founder of isec Partners, dwivedi manages isec’s product development and engineering, specialized security solutions, and the creation of security testing tools for customers. d w THE FINEST IN GEEK ENTERTAINMENT™ www.nostarch.com i v e $44.95 ($44.95 CDN) sHelve in: NetworkiNg/SeCurity d i ISBN: 978-1-59327-163-3 54495 9 781593 271633 6 89145 71638 2 www.it-ebooks.info www.it-ebooks.info HACKING VOIP www.it-ebooks.info www.it-ebooks.info San Francisco www.it-ebooks.info HACKING VOIP. Copyright © 2009 by Himanshu Dwivedi. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. 12 11 10 09 08 1 2 3 4 5 6 7 8 9 ISBN-10: 1-59327-163-8 ISBN-13: 978-1-59327-163-3 Publisher: William Pollock Production Editor: Megan Dunchak Cover Design: Octopod Studios Developmental Editors: William Pollock and Adam Wright Technical Reviewer: Zane Lackey Copyeditor: Eric Newman Compositors: Riley Hoffman and Kathleen Mish Proofreader: Gabriella West Indexer: Nancy Guenther For information on book distributors or translations, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 555 De Haro Street, Suite 250, San Francisco, CA 94107 phone: 415.863.9900; fax: 415.863.9950; [email protected]; www.nostarch.com Library of Congress Cataloging-in-Publication Data: Dwivedi, Himanshu. Hacking VoIP : protocols, attacks, and countermeasures / Himanshu Dwivedi. p. cm. Includes index. ISBN-13: 978-1-59327-163-3 ISBN-10: 1-59327-163-8 1. Internet telephony--Security measures. 2. Computer networks--Security measures. I. Title. TK5105.8865.P37 2009 004.69'5--dc22 2008038559 No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it. www.it-ebooks.info This book is FOR MY DAD, quite simply the best human being I have ever met. This book is dedicated to my family, specifically: My daughter, Sonia Raina Dwivedi, for her smiles, laughs, persistence, flexibility, inflexibility, vocabulary, and the ability to make everybody around her happy. My son, whose presence brings more happiness to everyone around him. My wife, Kusum Pandey, who simply makes it all worthwhile . . . and then some! www.it-ebooks.info www.it-ebooks.info B R I E F C O N T E N T S Acknowledgments........................................................................................................xiii Introduction....................................................................................................................1 Chapter 1: An Introduction to VoIPSecurity........................................................................7 PART I: VOIP PROTOCOLS Chapter 2: Signaling: SIP Security...................................................................................19 Chapter 3: Signaling: H.323 Security..............................................................................49 Chapter 4: Media: RTP Security......................................................................................73 Chapter 5: Signaling and Media: IAX Security.................................................................93 PART II: VOIP SECURITY THREATS Chapter 6: Attacking VoIP Infrastructure.........................................................................113 Chapter 7: Unconventional VoIP Security Threats............................................................131 Chapter 8: Home VoIP Solutions...................................................................................153 PART III: ASSESS AND SECURE VOIP Chapter 9: Securing VoIP.............................................................................................179 Chapter 10: Auditing VoIP for Security Best Practices......................................................189 Index.........................................................................................................................199 www.it-ebooks.info www.it-ebooks.info