Thursday, September 17, 2009

VoIP security workshop at BruCON 2009

I'm back in my little island after SEC-T (which had excellent content btw!) but already need to leave again. This time to Brussels for BruCON, and together with Joffrey Czarny, I'll be hosting a workshop solely dedicated to VoIP security auditing.

Joffrey will be focusing on Cisco and other vendors and I'm really looking forward to that! I, on the other hand, will be talking more about freely available software such as Asterisk, Trixbox and X-lite. Here's a small preview of what's to come:
  • How to use siplib.py and iax2lib.py (used in VOIPPACK) to build security tools
  • We'll build scanners and extension enumeration tools in both SIP and IAX2
  • Showing that INVITE flood is just 3 lines of code which can bring down popular VoIP software (and we get to build those 3 lines of code!)
  • Showing denial of service issues (patched) in Asterisk
  • Reproducing the SIP digest leakage in less than 50 lines of code
  • Demonstration of web related issues that affect PBX servers
  • Show of how IPS systems can actually be harmful in the world of UDP
Looking forward to this .. if you want to join register at this page. Just 5 seats left!

Monday, September 7, 2009

SEC-T in Sweden and SIPVicious update in svn

Its been a while since I updated SIPVicious, mostly because I have been working on SIPVicious 2.0 (being used in VOIPSCANNER.com). However I decided to add a few new options for svmap and svreport to help me with the research for this new presentation I'll be giving on Friday at SEC-T in Stockholm, Sweden.
The presentation is called "Searching for phones on the Internet" and subtitled "Adventures with SIPVicious".

Will be posting more details on the presentation later on, but lets describe the new features in svmap.py:
  • -d, --debug , which prints SIP messages received, very handy when you need to watch what's happening in the background
  • -I scan1, --inputtext=scan1, allows you to specify a text file containing ranges of IP addresses just like you would on the command line; however instead of putting a space between each range, you should put each range in a separate line
  • --first=100, allows you to specify the number of SIP messages to send until svmap quits; this is useful when you have large ranges of IP addresses and you only want to scan the first few thousand addresses; works well with --randomize
Svreport was also updated to support 2 new options:
  • stats : allows you to extract some basic statistics from the session files (saved svmap output)
  • search : which simply searches through svmap's sessions
To update your copy of SIPVicious run:
hostname:sipviciousdir user$ svn update

Please send me any feedback to sandro@enablesecurity.com and let me know if you found these new options useful.