From: tg on 24 Jun 2010 18:08

> It's much worse: one could use your router as toll fraud chain...

Fortunately I only have a small amount in payg credit so that's the most I could lose. But how could anyone on the WAN side 'use my router'?
From: tg on 24 Jun 2010 18:45

> No. The client sends a MD5 hash of the password across the
> connection. The server sends a "nonce" to hash with the password, to
> prevent replay attacks.

Thanks for your feedback on this, Doug. Have you seen this?

https://learningnetwork.cisco.com/blogs/network-sheriff/2009/05/26/confessions-of-a-voip-hacker

Midway through the article it mentions 'SIPScan to enumerate more info'. This sounds like SIP trunk sniffing, would you agree?
From: Doug McIntyre on 25 Jun 2010 01:14

"tg" <nospam(a)nospameverever.net> writes:
>> No. The client sends a MD5 hash of the password across the
>> connection. The server sends a "nonce" to hash with the password, to
>> prevent replay attacks.

> Thanks for your feedback on this, Doug. Have you seen this?
> https://learningnetwork.cisco.com/blogs/network-sheriff/2009/05/26/confessions-of-a-voip-hacker
> Midway through the article it mentions 'SIPScan to enumerate more info'.
> This sounds like SIP trunk sniffing, would you agree?

Here's a demo of sipscan in action. You can also download it yourself.

http://enablesecurity.com/products/enablesecurity-voippack-sipscan-demo/

SIP is a very chatty protocol. Most people setting up a "PBX" type application of SIP usually are very lazy about security surrounding the protocol. Letting anybody connect to it.

By default it will let anybody connect. What they can do beyond that is really up to how the device is set up beyond that. (And since things like Cisco gateways doing SIP offer you an infinite number of ways to configure things beyond that, many are going to be very insecure methods).

Since SIP allows two way control of things that potentially can cost you money, make sure you know who is connecting to your SIP trunks, or throw the whole thing behind a firewall, only opening up the smallest hole you need to have it work. It's not like HTTP which generally only allows one way flow of data down.
From: Gary on 30 Jun 2010 19:54

Doug McIntyre wrote:
> By default it will let anybody connect. What they can do beyond that
> is really up to how the device is set up beyond that. (And since things
> like Cisco gateways doing SIP offer you an infinite number of ways to
> configure things beyond that, many are going to be very insecure
> methods). ... or throw the whole thing behind a firewall, only opening
> up the smallest hole you need to have it work.

I would highly recommend that the original poster, tg, study up a bit more on the SIP protocol, hashes that don't use salts, rainbow tables, and best practices for deploying SIP services. Then they may wish to decide whether their current Cisco gear is best suited for their deployment. Below are a few places to start aside from contacting the TAC, turning on SIP packet inspection, etc.

http://en.wikipedia.org/wiki/Rainbow_table
http://en.wikipedia.org/wiki/Session_Initiation_Protocol
http://www.sipcenter.com/sip.nsf/html/Firewalls+Security

-Gary