VoIP Security Vulnerabilities and Solutions

VoIP Security Vulnerabilities and Solutions

What is the voice over IP vulnerabilities?

It’s fairly well-known the voice over IP and the protocols that work with it are particularly secure. Today I’m going to demonstrate a couple different methods in ways of interfering with voice over IP. It’s a little bit of know-how it’s a relatively simple so a handful of protocols that are used by voice over IP and one we’re going to be working with is SIP.

Probably one of the more common ones so basically we’re going to have two clients talking to one another and from another machine. On the same network, I’m going to demonstrate a flying technique and a what’s called RTP injection and both are definitely can be detrimental to a SIP conversation and see how it goes. First I’m going to show our IP flooding this is essentially we’re within a voice over IP conversation I pick one of the clients and completely flooded flood their IP in particular poor with packets. Alright so I’m going to be using backtrack 5 linux distro with some hacking tools i guess you could say built in and so will be using RTP flood for this experiment.

Specific destination port

VoIP Security Vulnerabilities and Solutions

Basically just type in the command here so essentially what this will do is put in the source IP in the destination IP and so here we r put in the source port in the destination port and how many packets and then basically just put in the sequence number and time stamp and SSID which I just put all ones and for you can see where it’s sending all the packets rapidly. I just did it 500 times to show an example but you could, of course, do many more and here that’s pretty much it so here in Wireshark which is a packet analyzer. You can see all of the packets that came down to the client and the on that specific destination port and that’s the port that voice over IP communicates.

It can pretty much prevent any outgoing calls and can occasionally stop a conversation as well next I’m going to demonstrate RTP injection and what happens here is you can select an audio file and basically inject it into the conversation on one side of the conversation basically works of this so here is the RTP inject application and basically select my audio audio file you want to use I just picked out one of the sound effects here and then you just pick your source and destination.

When it pops up when they’re wanted to text a voice over IP conversation and then you just click inject and you’ll see in a moment what happens, in this case, it doesn’t actually play the file completely it just kind of interrupts the conversation. This is what happens on the client which is getting the injected all your file hey Paul I’m good how are you oh I had a really good day thanks oh it’s pretty rainy but otherwise it was a great day Wow well I can hear you Polly there as you can see unsecured voice over IP communications can easily be interrupted. There are ways around it though encryption is for more obvious ones and I just designing your network architecture properly with something such as ip can completely I shouldn’t say completely but mostly prevent issues such as these thanks for watching


Please enter your comment!
Please enter your name here