VoIP, or voice over IP (Internet Protocol), is a transmission mode
designed for use in voice and multimedia communications. As IP-based
networks like the Internet seem to be the most successful
communications infrastructure, the traditional telephone network is
currently being replaced by VoIP. Its clear improvements over the old
systems make it a popular substitute, with a number of advantages.
Among them:
- The low cost of VoIP as compared to a traditional telephone network. There are any number of services available free of cost (like Skype) that allow you to communicate PC-to-PC over long or short distances.
- VoIP is portable. Portability and mobility are another advantage of VoIP over the traditional telephone; you only need an Internet connection for communication.
- VoIP service includes a number of advanced features not normally available with traditional telephone service, including call forwarding, conference calls, caller ID, virtual numbers and more.
The advantages are many, but they are not our main topic of discussion.
(Likewise, there are a number of disadvantages: VoIP services depend on
Internet connection speed, voice quality depends on the performance of
your computer, and so forth.) What we examine here is the security
aspect of VoIP. In this article, we will review:
- An overview of VoIP
- What is Asterisk? (And what are its functionalities?)
- What is Trixbox?
- VoIP hacking (penetration testing on an Asterisk-based network)
With so many advantages, VoIP is gaining popularity among organizations
and private users alike. But what about the security issues?
Predictably, any new technology immediately presents opportunities for
those seeking to cause mischief. This is confirmed by reports I’m sure
you’ve heard about: not just the phone hacking scandal in Britain, but
also the hacking in which thieves easily steal confidential information
from a victim because their network was not secure.
If you are a pen tester or ethical hacker, then you have an idea of the
importance of penetration testing in VoIP: most of the important
communications going on today occur on VoIP, and securing confidential
information is therefore critical. We will do some practical
penetration testing on a VoIP-based network, but first of all I will
show you how to build it.
Asterisk is open-source software that can turn your computer into a
communications server. It provides PBX (private branch exchange)
software that allows you to make calls and transfer your data.
Trixbox is a wonderful piece of PBX (private branch exchange) software
based on the Asterisk project. It was formerly known as Asterisk@Home,
but in October 2006 it was renamed Trixbox. The difference between
Trixbox and other PBXs is that Trixbox is based on IP (Internet
Protocol) and has been designed for small and medium-sized businesses.
There are two main versions of Trixbox available: Trixbox CE, which is
free and open source, and Trixbox Pro, which you need to purchase.
Protocols & Ports
You must have an idea about the protocols and their ports before
attempting actual penetration testing on a VoIP network.
SIP (Session Initiation Protocol) has been defined by the Internet
Engineering Task Force (IETF) as the protocol for VoIP communication
(in other words, a signaling protocol). SIP uses ports 5060 and 5061
for both TCP and UDP.
SDP (Session Description Protocol) is for multimedia communications,
while MGCP (Media Gateway Control Protocol) uses port numbers 2427 and
2727 for UDP.
RTP (real-time transfer protocol) defines the packets that deliver
video and audio on IP-based networks like VoIP. RTCP (RTP control
protocol) is just like RTP, and it is used to structure the packets
that are defined by RTP.
IAX (Inter-Asterisk eXchange) is an important protocol used in the
Asterisk system and is supported by various softphones and PBXs. IAX2
is the second version of IAX and works on UDP port 4569.
VoIP Penetration Testing
The process of penetration testing on a VoIP network is generally the
same as penetration testing on any other network. All we need to do is
follow the general guidelines, starting with information gathering, as
we would with any form of penetration testing.
Let’s consider a simple scenario: you have found an Asterisk-based PBX
while doing a penetration test on a network, as in the nmap result
shown below:
It might be some sort of VoIP server, so a smart penetration tester
would use the available tools to learn more about this server.
Therefore, in this section I will discuss some of the tools, and their
usage, that will be really helpful in VoIP penetration testing.
SMAP
SMAP is a wonderful scanner that has the ability to detect SIP-enabled
devices (it can scan a single IP, a range of IPs, or whole subnets) and
can locate any VoIP server within an operating system. So it will help
us understand the VoIP network.
root@bt:/pentest/voip/smap# ./smap 192.168.1.9
smap 0.6.0 <hs@123.org> http://www.wormulon.net/
192.168.1.9: ICMP reachable, SIP enabled
1 host scanned, 1 ICMP reachable, 1 SIP enabled (100.0%)
It shows that this host is a VoIP server. Let’s try to gather more information.
root@bt:/pentest/voip/smap# ./smap -O 192.168.1.9
smap 0.6.0 <hs@123.org> http://www.wormulon.net/
192.168.1.9: ICMP reachable, SIP enabled
best guess (55% sure) fingerprint:
Asterisk PBX (unknown version)
User-Agent: Asterisk PBX 1.6.0.26-FONCORE-r78
1 host scanned, 1 ICMP reachable, 1 SIP enabled (100.0%)
-l: fingerprint learning mode
It is a wonderful argument that will give us more information.
SIP-Scan
It is just like SMAP, in that SIP-Scan is also used to detect
SIP-enabled devices. Likewise, it has the ability to scan over an
entire range of IPs.
root@bt:/pentest/voip/sipscan# ./sip-scan -i eth0 192.168.1.1-254
192.168.1.9: Asterisk PBX 1.6.0.26-FONCORE-r78
root@bt:/pentest/voip/sipscan#
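Both scans above identify the PBX from the banner it sends in its SIP replies (User-Agent: Asterisk PBX 1.6.0.26-FONCORE-r78). The following Python code is an added example, not part of the original article or of SMAP/sip-scan: it parses a SIP response and reports whether its User-Agent or Server header discloses a software version, which is the check a defender would run against their own PBX. The sample response and all function names are constructed for illustration.

```python
import re

# Constructed sample: a SIP 200 OK as a PBX might return to an OPTIONS request.
# Only the User-Agent value is taken from the scan output in the article.
SAMPLE_RESPONSE = (
    b"SIP/2.0 200 OK\r\n"
    b"Via: SIP/2.0/UDP 192.168.1.5:5060;branch=z9hG4bK-constructed\r\n"
    b"From: <sip:audit@192.168.1.5>;tag=1\r\n"
    b"To: <sip:audit@192.168.1.9>;tag=2\r\n"
    b"Call-ID: constructed-call-id\r\n"
    b"CSeq: 1 OPTIONS\r\n"
    b"User-Agent: Asterisk PBX 1.6.0.26-FONCORE-r78\r\n"
    b"Allow: INVITE, ACK, CANCEL, OPTIONS, BYE\r\n"
    b"Content-Length: 0\r\n\r\n"
)

BANNER_HEADERS = ("user-agent", "server")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+[\w.-]*")  # dotted version plus any build suffix

def parse_sip_headers(raw: bytes) -> tuple[str, dict[str, list[str]]]:
    """Return (start_line, headers); header names are lower-cased, values kept in order."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8", errors="replace")
    # Unfold continuation lines (a header value continued on a line starting with space/tab).
    head = re.sub(r"\r\n[ \t]+", " ", head)
    lines = head.split("\r\n")
    if not lines[0].startswith("SIP/2.0 ") and not lines[0].endswith(" SIP/2.0"):
        raise ValueError("not a SIP message")
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def banner_findings(raw: bytes) -> list[dict]:
    """List each banner header and the version string it discloses, if any."""
    _, headers = parse_sip_headers(raw)
    findings = []
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            m = VERSION_RE.search(value)
            findings.append({"header": name, "value": value,
                             "version": m.group(0) if m else None})
    return findings

if __name__ == "__main__":
    for f in banner_findings(SAMPLE_RESPONSE):
        status = "discloses version " + f["version"] if f["version"] else "no version"
        print(f"{f['header']}: {f['value']!r} -> {status}")
```

On Asterisk's chan_sip, the useragent option in the [general] section of sip.conf sets this string, so the check can be re-run after changing it to confirm the version is no longer advertised.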
The next article in the VoIP hacking series will be published later, so practice the tools mentioned above.