SlideShare une entreprise Scribd logo

Number one-issue-voip-today-fraud

Télécharger en tant que PPTX, PDF
Flavio Eduardo de Andrade Goncalves
Flavio Eduardo de Andrade Goncalves

Palestra Cluecon e 4KConf VoIP Security Training on Udemy Enroll here: http://bit.ly/2GL5MCT

TechnologieBusiness
1  sur  23
“Know your enemy” Sun Tzu's The Art of War The #1 Issue on VoIP, Fraud! How to identify, prevent and reduce damages caused by fraud Flavio E. Goncalves
About me • Author of the book “Building Telephony Systems with OpenSIPS” • CEO of sippulse.com a turnkey OpenSIPS solution for Telcos and Hosted PBX. • Member of the OpenSIPS foundation.
Agenda 1. How big is the problem? 2. Anatomy of an attack. 3. Types of attacks 4. Mitigation techniques 5. How to reduce damage if all previous measures failed Warning: This presentation is about VoIP fraud, there are many security issues, such as DOS and Eavesdropping not covered here !
How big is the problem? • June, 2009 – announced it had broken up a $55 million toll fraud ring that was operating internationally and targeting enterprise PBXs Source: Network World • December, 2010 – 11 million Euros on VoIP Fraud, calling to premium numbers in Somalia, Sierra Leone…. Source: SipVicious Blog
Anatomy of a simple attack. Step 1 – Buy a Premium Rate Number Step 2 – Find a vulnerable VoIP device And call the premium rate number Step 3 – Cash-out in the premium number
Common ways to get a password 1. SIP Scan and Bruteforce 2. TFTP attacks 3. Phone vulnerabilities 4. Signaling Attacks 5. PBX web interface vulnerabilities
Under Heavy Attack! • Basic Scan – sipvicious, friendly-scanner • Distributed SCAM by W32.Sality virus (discovered by Symantec/2010) Thousands of Corporate PBXs SIP Scan. Sality Peer-to-Peer Botnet Thousands of Register Attempts. Source: Symantec http://www.symantec.com/connect/blogs/distributed-cracker-voip
SIP Scan Mitigation • Mandatory strong passwords – 8 digits minimum, special chars… • Detect multiple authentication failures – Block IP with Fail2Ban – Block IP with Event Interface (OpenSIPS 1.7) • Early detection and discard – Detect specific signatures and patterns
Signaling Attacks • Malformed BYEs. Radius Server Generate incorrect duration on CDR SIP Proxy Bye with wrong Cseq/Routing Set Bye with wrong Cseq: BYE DETECTED WRONG CSEQ STOP BILLING!! DISCARD!!
Mitigation for Signaling Attacks • Dialog Aware Proxy if (has_totag()) /*sequential requests*/ if (!validate_dialog()) fix_route_dialog();
TFTP Attack • Trivial Attack against VoIP Infrastructure – 1st Option bruteforce tftp server – 2nd Option sniff tftp files using MitM techniques Get file 0001234A5B6C.cfg TFTP Server Get file 0001234A5B6D.cfg … Plaintext Configuration File With credentials in plain text XML or not • Solution – Use HTTPS or Encrypted config files
Attacks on SIP Phones • How many of you change the default password for IP phones? • How many of you update the IP Phone’s firmware regularly? Video #2 Video #1
More sophisticated attacks • SIP Digest Leak (1) INVITE in Mute (2) 200OK, User Answered (3) BYE, No Audio? (4) 401, WWW-Authenticate? (5) BYE, With Phone Credentials Current estimated time needed to break all 8 chars length passwords [a-zA-Z0-9]{1,8} ... 497 days [a-z0-9]{1,8} ...... 6 days Credits to Sandro Gaudio: blog.sipvicious.org
Mitigation for phone attacks • Don’t allow http/ssh access to the phones • Disable the web interface when possible. • Prefer secure automatic provisioning • Standardize phones, update regularly. • For SIP Digest Leak, drop 401 or 407 originated by subscribers.
Malformed Packets • Attack – Malformed packets can be used to exploit buffer overflows on phones. • Tools: Protos TEST suite • Mitigation – Detect malformed packets using OpenSIPS • Use Error_route to generate alerts • Handle exceptions – Use the event interface or fail2ban to ban the ofenders failregex= Auth Error for .* from <HOST> cause -[0-9] Malformed SIP request from user .* from <HOST>
TLS and SRTP • Not very effective against fraud • TLS is not used for authentication in most cases • TLS can help to avoid MitM attacks • SRTP and ZRTP protect you against eavesdropping, but do not prevent a fraudulent call to a premium rate number
What OpenSIPS can offer to help you? Subscribers Security and VoIP Infrastructure Admission Box Event and Alerting System Firewall Layer
What OpenSIPS can offer? • TLS and protocol translation • Nonce re-usage prevention • PIKE to detect spikes in req/s • Rate-Limit to throttle SIP traffic • Access any SIP header for sanity checks – Signature detection • Use the new event interface – Predefined events E_PIKE_BLOCKED – raise_event(event_name[, attrs] [, vals]) • Connect the event interface to a firewall and/or alerting system • Global Blacklists for premium rate numbers
Tips to prevent attacks 1. Use strong passwords 2. Detect and drop specific signatures 3. Ban IPs with authentication or malformed failures 4. Drop 401 and 407 from subscribers 5. Validate sequential requests, mainly BYEs 6. Use secure provisioning for phones 7. Do not allow unsecure external access to your system 8. Update phones regularly 9. Use TLS when possible to avoid MitM attacks 10. Use a secure network 1. ARP Inspection 2. Secure voice VLAN
Damage Control • Face a simple fact, sooner or later, a system open to the Internet will be compromised. • The hacker’s advantage – Administrators have to defend against all attacks, while one vulnerability is enough for the attacker! – The administrator is one, attackers are many!
Tips to reduce possible damages? 1. Do not allow all routes to all users. 2. Block premium-rate numbers (1-900) 3. Do not route numbers without a defined rate 4. Limit the number of simultaneous calls 5. Drop calls after a certain period of time. 6. Prefer prepaid, for postpaid use quotas 7. Consider geo-ip restrictions for customers 8. Build an alert system for unusual patterns 9. Use two-way authentication for high-risk routes
Thank You! Next OpenSIPS eBootcamp September 19th Learn OpenSIPS! Visit www.sippulse.com, a turnkey solution based on OpenSIPS Questions and contact, please send an email to flavio@sippulse.com or flavio@opensips.org

Recommandé

No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014Flavio Eduardo de Andrade Goncalves
 
No More Fraud Cluecon2014
No More Fraud Cluecon2014No More Fraud Cluecon2014
No More Fraud Cluecon2014Flavio Eduardo de Andrade Goncalves
 
Asterisk Voip
Asterisk VoipAsterisk Voip
Asterisk VoipVipin Sahu
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformHamid Fadishei
 
Using Asterisk in a SIP softswitch
Using Asterisk in a SIP softswitchUsing Asterisk in a SIP softswitch
Using Asterisk in a SIP softswitchMonica McArthur
 
02 asterisk - the future of telecommunications
02 asterisk - the future of telecommunications02 asterisk - the future of telecommunications
02 asterisk - the future of telecommunicationsTran Thanh
 
Jonny_Martin-Asterisk
Jonny_Martin-AsteriskJonny_Martin-Asterisk
Jonny_Martin-Asterisktutorialsruby
 
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phonesDefcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phonesPriyanka Aash
 

Recommandé

No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014Flavio Eduardo de Andrade Goncalves
 
No More Fraud Cluecon2014
No More Fraud Cluecon2014No More Fraud Cluecon2014
No More Fraud Cluecon2014Flavio Eduardo de Andrade Goncalves
 
Asterisk Voip
Asterisk VoipAsterisk Voip
Asterisk VoipVipin Sahu
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformHamid Fadishei
 
Using Asterisk in a SIP softswitch
Using Asterisk in a SIP softswitchUsing Asterisk in a SIP softswitch
Using Asterisk in a SIP softswitchMonica McArthur
 
02 asterisk - the future of telecommunications
02 asterisk - the future of telecommunications02 asterisk - the future of telecommunications
02 asterisk - the future of telecommunicationsTran Thanh
 
Jonny_Martin-Asterisk
Jonny_Martin-AsteriskJonny_Martin-Asterisk
Jonny_Martin-Asterisktutorialsruby
 
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phonesDefcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phones
Defcon 22-fatih-ozavci-vo ip-wars-attack-of-the-cisco-phonesPriyanka Aash
 
Asterisk Phone Systems
Asterisk Phone SystemsAsterisk Phone Systems
Asterisk Phone SystemsTelephone Wreckers
 
Astricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsAstricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsOlle E Johansson
 
Sangoma Vega Gateway Training Presentation
Sangoma Vega Gateway Training PresentationSangoma Vega Gateway Training Presentation
Sangoma Vega Gateway Training PresentationEmpatiq İletişim Teknolojileri AŞ.
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald..."Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...PROIDEA
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay aliveqqlan
 
*astTECS - IP PBX_2018
*astTECS - IP PBX_2018*astTECS - IP PBX_2018
*astTECS - IP PBX_2018Salman Muhammed Ashraf
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !Francesco Prior
 
Scanning The Intertubes For Voip
Scanning The Intertubes For VoipScanning The Intertubes For Voip
Scanning The Intertubes For VoipSandro Gauci
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Positive Hack Days
 
CCNA Security 05- securing the management plane
CCNA Security 05- securing the management planeCCNA Security 05- securing the management plane
CCNA Security 05- securing the management planeAhmed Habib
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Cyber Security Alliance
 
Unv banking &amp; finance video surveillance solution v1.00
Unv banking &amp; finance video surveillance solution v1.00Unv banking &amp; finance video surveillance solution v1.00
Unv banking &amp; finance video surveillance solution v1.00Abul Hasnat Sohel
 
Grandstream Network Video Recorder GVR3550 presentation
Grandstream Network Video Recorder GVR3550 presentationGrandstream Network Video Recorder GVR3550 presentation
Grandstream Network Video Recorder GVR3550 presentationEmpatiq İletişim Teknolojileri AŞ.
 
Authentication Methods in Videoconferencing Systems
Authentication Methods in Videoconferencing SystemsAuthentication Methods in Videoconferencing Systems
Authentication Methods in Videoconferencing SystemsVideoguy
 
CCNA Security 06- AAA
CCNA Security 06- AAACCNA Security 06- AAA
CCNA Security 06- AAAAhmed Habib
 
Denis Baranov: Root via XSS
Denis Baranov: Root via XSSDenis Baranov: Root via XSS
Denis Baranov: Root via XSSqqlan
 
Yealink CP960 HD IP Conference Phone Data Sheet
Yealink CP960 HD IP Conference Phone Data SheetYealink CP960 HD IP Conference Phone Data Sheet
Yealink CP960 HD IP Conference Phone Data Sheetbest4systems
 
Building a new ecosystem for interoperable communications
Building a new ecosystem for interoperable communicationsBuilding a new ecosystem for interoperable communications
Building a new ecosystem for interoperable communicationsPaloSanto Solutions
 
5.sp2013 cst229 peck
5.sp2013 cst229 peck5.sp2013 cst229 peck
5.sp2013 cst229 peckdkaram
 
Orasi likmi
Orasi likmiOrasi likmi
Orasi likmiNanang Sasongko
 
@WR_ARP committee presentation
@WR_ARP committee presentation@WR_ARP committee presentation
@WR_ARP committee presentationCatherine Taylor
 

Contenu connexe

Tendances

Astricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsAstricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsOlle E Johansson
 
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald..."Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...PROIDEA
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay aliveqqlan
 
Scanning The Intertubes For Voip
Scanning The Intertubes For VoipScanning The Intertubes For Voip
Scanning The Intertubes For VoipSandro Gauci
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Positive Hack Days
 
CCNA Security 05- securing the management plane
CCNA Security 05- securing the management planeCCNA Security 05- securing the management plane
CCNA Security 05- securing the management planeAhmed Habib
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Cyber Security Alliance
 
Unv banking &amp; finance video surveillance solution v1.00
Unv banking &amp; finance video surveillance solution v1.00Unv banking &amp; finance video surveillance solution v1.00
Unv banking &amp; finance video surveillance solution v1.00Abul Hasnat Sohel
 
Authentication Methods in Videoconferencing Systems
Authentication Methods in Videoconferencing SystemsAuthentication Methods in Videoconferencing Systems
Authentication Methods in Videoconferencing SystemsVideoguy
 
CCNA Security 06- AAA
CCNA Security 06- AAACCNA Security 06- AAA
CCNA Security 06- AAAAhmed Habib
 
Denis Baranov: Root via XSS
Denis Baranov: Root via XSSDenis Baranov: Root via XSS
Denis Baranov: Root via XSSqqlan
 
Yealink CP960 HD IP Conference Phone Data Sheet
Yealink CP960 HD IP Conference Phone Data SheetYealink CP960 HD IP Conference Phone Data Sheet
Yealink CP960 HD IP Conference Phone Data Sheetbest4systems
 
Building a new ecosystem for interoperable communications
Building a new ecosystem for interoperable communicationsBuilding a new ecosystem for interoperable communications
Building a new ecosystem for interoperable communicationsPaloSanto Solutions
 

Tendances (19)

Asterisk Phone Systems
Asterisk Phone SystemsAsterisk Phone Systems
Asterisk Phone Systems
 
Astricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installationsAstricon 2010: Scaling Asterisk installations
Astricon 2010: Scaling Asterisk installations
 
Sangoma Vega Gateway Training Presentation
Sangoma Vega Gateway Training PresentationSangoma Vega Gateway Training Presentation
Sangoma Vega Gateway Training Presentation
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
 
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald..."Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
"Attacking industrial remote controllers for fun and profit" - Dr. Marco Bald...
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
 
*astTECS - IP PBX_2018
*astTECS - IP PBX_2018*astTECS - IP PBX_2018
*astTECS - IP PBX_2018
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
 
Scanning The Intertubes For Voip
Scanning The Intertubes For VoipScanning The Intertubes For Voip
Scanning The Intertubes For Voip
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
 
CCNA Security 05- securing the management plane
CCNA Security 05- securing the management planeCCNA Security 05- securing the management plane
CCNA Security 05- securing the management plane
 
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100Create a-strong-two-factors-authentication-device-for-less-than-chf-100
Create a-strong-two-factors-authentication-device-for-less-than-chf-100
 
Unv banking &amp; finance video surveillance solution v1.00
Unv banking &amp; finance video surveillance solution v1.00Unv banking &amp; finance video surveillance solution v1.00
Unv banking &amp; finance video surveillance solution v1.00
 
Grandstream Network Video Recorder GVR3550 presentation
Grandstream Network Video Recorder GVR3550 presentationGrandstream Network Video Recorder GVR3550 presentation
Grandstream Network Video Recorder GVR3550 presentation
 
Authentication Methods in Videoconferencing Systems
Authentication Methods in Videoconferencing SystemsAuthentication Methods in Videoconferencing Systems
Authentication Methods in Videoconferencing Systems
 
CCNA Security 06- AAA
CCNA Security 06- AAACCNA Security 06- AAA
CCNA Security 06- AAA
 
Denis Baranov: Root via XSS
Denis Baranov: Root via XSSDenis Baranov: Root via XSS
Denis Baranov: Root via XSS
 
Yealink CP960 HD IP Conference Phone Data Sheet
Yealink CP960 HD IP Conference Phone Data SheetYealink CP960 HD IP Conference Phone Data Sheet
Yealink CP960 HD IP Conference Phone Data Sheet
 
Building a new ecosystem for interoperable communications
Building a new ecosystem for interoperable communicationsBuilding a new ecosystem for interoperable communications
Building a new ecosystem for interoperable communications
 

En vedette

5.sp2013 cst229 peck
5.sp2013 cst229 peck5.sp2013 cst229 peck
5.sp2013 cst229 peckdkaram
 
@WR_ARP committee presentation
@WR_ARP committee presentation@WR_ARP committee presentation
@WR_ARP committee presentationCatherine Taylor
 
Олена Бобкіна “Проект мрії або як запалити свою зірку на IT небосхилі”
Олена Бобкіна “Проект мрії або як запалити свою зірку на IT небосхилі”Олена Бобкіна “Проект мрії або як запалити свою зірку на IT небосхилі”
Олена Бобкіна “Проект мрії або як запалити свою зірку на IT небосхилі”Lviv Startup Club
 
Snati2011 Penelitian cloud computing - nanang
Snati2011 Penelitian cloud computing - nanangSnati2011 Penelitian cloud computing - nanang
Snati2011 Penelitian cloud computing - nanangNanang Sasongko
 
Developmental Workbook
Developmental WorkbookDevelopmental Workbook
Developmental WorkbookxMuffn_Luvx
 
Peking opera assignment
Peking opera assignmentPeking opera assignment
Peking opera assignmentxMuffn_Luvx
 
Netetik -/ og digital kommunikation
Netetik -/ og digital kommunikationNetetik -/ og digital kommunikation
Netetik -/ og digital kommunikationAnders Damgaard Fink
 
Build your first Monster APP
Build your first Monster APPBuild your first Monster APP
Build your first Monster APP2600Hz
 
2600Hz - Telecom Rating and Limits
2600Hz - Telecom Rating and Limits2600Hz - Telecom Rating and Limits
2600Hz - Telecom Rating and Limits2600Hz
 
SIPLABS - Hard Rocking Kazoo - KazooCon 2015
SIPLABS - Hard Rocking Kazoo - KazooCon 2015SIPLABS - Hard Rocking Kazoo - KazooCon 2015
SIPLABS - Hard Rocking Kazoo - KazooCon 20152600Hz
 
Voxter - Building Value with Kazoo - KazooCon 2015
Voxter - Building Value with Kazoo - KazooCon 2015Voxter - Building Value with Kazoo - KazooCon 2015
Voxter - Building Value with Kazoo - KazooCon 20152600Hz
 
2600Hz - Detecting and Managing VoIP Fraud
2600Hz - Detecting and Managing VoIP Fraud2600Hz - Detecting and Managing VoIP Fraud
2600Hz - Detecting and Managing VoIP Fraud2600Hz
 
KazooCon 2014 - Kazoo Scalability
KazooCon 2014 - Kazoo ScalabilityKazooCon 2014 - Kazoo Scalability
KazooCon 2014 - Kazoo Scalability2600Hz
 
2600Hz - Billing Data with Kazoo
2600Hz - Billing Data with Kazoo2600Hz - Billing Data with Kazoo
2600Hz - Billing Data with Kazoo2600Hz
 

En vedette (17)

5.sp2013 cst229 peck
5.sp2013 cst229 peck5.sp2013 cst229 peck
5.sp2013 cst229 peck
 
Orasi likmi
Orasi likmiOrasi likmi
Orasi likmi
 
@WR_ARP committee presentation
@WR_ARP committee presentation@WR_ARP committee presentation
@WR_ARP committee presentation
 
Олена Бобкіна “Проект мрії або як запалити свою зірку на IT небосхилі”
Олена Бобкіна “Проект мрії або як запалити свою зірку на IT небосхилі”Олена Бобкіна “Проект мрії або як запалити свою зірку на IT небосхилі”
Олена Бобкіна “Проект мрії або як запалити свою зірку на IT небосхилі”
 
Snati2011 Penelitian cloud computing - nanang
Snati2011 Penelitian cloud computing - nanangSnati2011 Penelitian cloud computing - nanang
Snati2011 Penelitian cloud computing - nanang
 
Developmental Workbook
Developmental WorkbookDevelopmental Workbook
Developmental Workbook
 
Mashtalk chrlohya
Mashtalk chrlohyaMashtalk chrlohya
Mashtalk chrlohya
 
Peking opera assignment
Peking opera assignmentPeking opera assignment
Peking opera assignment
 
Netetik -/ og digital kommunikation
Netetik -/ og digital kommunikationNetetik -/ og digital kommunikation
Netetik -/ og digital kommunikation
 
Build your first Monster APP
Build your first Monster APPBuild your first Monster APP
Build your first Monster APP
 
2600Hz - Telecom Rating and Limits
2600Hz - Telecom Rating and Limits2600Hz - Telecom Rating and Limits
2600Hz - Telecom Rating and Limits
 
Provisioning Q and A
Provisioning Q and AProvisioning Q and A
Provisioning Q and A
 
SIPLABS - Hard Rocking Kazoo - KazooCon 2015
SIPLABS - Hard Rocking Kazoo - KazooCon 2015SIPLABS - Hard Rocking Kazoo - KazooCon 2015
SIPLABS - Hard Rocking Kazoo - KazooCon 2015
 
Voxter - Building Value with Kazoo - KazooCon 2015
Voxter - Building Value with Kazoo - KazooCon 2015Voxter - Building Value with Kazoo - KazooCon 2015
Voxter - Building Value with Kazoo - KazooCon 2015
 
2600Hz - Detecting and Managing VoIP Fraud
2600Hz - Detecting and Managing VoIP Fraud2600Hz - Detecting and Managing VoIP Fraud
2600Hz - Detecting and Managing VoIP Fraud
 
KazooCon 2014 - Kazoo Scalability
KazooCon 2014 - Kazoo ScalabilityKazooCon 2014 - Kazoo Scalability
KazooCon 2014 - Kazoo Scalability
 
2600Hz - Billing Data with Kazoo
2600Hz - Billing Data with Kazoo2600Hz - Billing Data with Kazoo
2600Hz - Billing Data with Kazoo
 

Similaire à Number one-issue-voip-today-fraud

VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to knowEric Klein
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceSuhas Desai
 
Spying The Wire
Spying The WireSpying The Wire
Spying The WireDon Anto
 
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksRohan Fernandes
 
Secure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishSecure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishAskozia
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveDefconRussia
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
Solving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsSolving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsChristina Inge
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tDefcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tpseudor00t overflow
 
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolDo-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolMartin Vigo
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyChristopher Duffy
 
RPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slidesRPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slidesCal Leeming
 
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPROIDEA
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxamalouwarda1
 

Similaire à Number one-issue-voip-today-fraud (20)

Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to know
 
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open SourceI N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
I N T E R O P09 Suhas Desai Secure Your Vo I P Network With Open Source
 
VoIP Security
VoIP SecurityVoIP Security
VoIP Security
 
Spying The Wire
Spying The WireSpying The Wire
Spying The Wire
 
Meletis Belsis - IMS Security
Meletis Belsis - IMS SecurityMeletis Belsis - IMS Security
Meletis Belsis - IMS Security
 
Protect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacksProtect your IPPBX against VOIP attacks
Protect your IPPBX against VOIP attacks
 
Secure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, EnglishSecure calling for IP telephony - webinar 2016, English
Secure calling for IP telephony - webinar 2016, English
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay Alive
 
IT infrastructure security 101
IT infrastructure security 101IT infrastructure security 101
IT infrastructure security 101
 
SBC: Do I really need it?
SBC: Do I really need it?SBC: Do I really need it?
SBC: Do I really need it?
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay alive
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
 
Solving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open StandardsSolving the BYOD Problem with Open Standards
Solving the BYOD Problem with Open Standards
 
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00tDefcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
Defcon 21-ozavci-vo ip-wars-return-of-the-sip by pseudor00t
 
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolDo-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
 
Voice Over IP Overview w/Secuirty
Voice Over IP Overview w/SecuirtyVoice Over IP Overview w/Secuirty
Voice Over IP Overview w/Secuirty
 
RPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slidesRPS/APS vulnerability in snom/yealink and others - slides
RPS/APS vulnerability in snom/yealink and others - slides
 
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP SecurityPLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
PLNOG 5: Rainer Baeder - Fortinet Overview, Fortinet VoIP Security
 
An approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptxAn approach to mitigate DDoS attacks on SIP.pptx
An approach to mitigate DDoS attacks on SIP.pptx
 

Plus de Flavio Eduardo de Andrade Goncalves

Plus de Flavio Eduardo de Andrade Goncalves (6)

Asterisk sip channel performance
Asterisk sip channel performanceAsterisk sip channel performance
Asterisk sip channel performance
 
Asterisk Complete Training
Asterisk Complete TrainingAsterisk Complete Training
Asterisk Complete Training
 
Asteriskem sistemasembarcados
Asteriskem sistemasembarcadosAsteriskem sistemasembarcados
Asteriskem sistemasembarcados
 
Call Center baseado em Asterisk
Call Center baseado em AsteriskCall Center baseado em Asterisk
Call Center baseado em Asterisk
 
Oreka, O Gravador VoIP Open Source
Oreka, O Gravador VoIP Open SourceOreka, O Gravador VoIP Open Source
Oreka, O Gravador VoIP Open Source
 
Asterisk casosdesucesso
Asterisk casosdesucessoAsterisk casosdesucesso
Asterisk casosdesucesso
 

Dernier

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingSelcen Ozturkcan
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Dernier (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Number one-issue-voip-today-fraud

  • 1. “Know your enemy” Sun Tzu's The Art of War The #1 Issue on VoIP, Fraud! How to identify, prevent and reduce damages caused by fraud Flavio E. Goncalves
  • 2. About me • Author of the book “Building Telephony Systems with OpenSIPS” • CEO of sippulse.com a turnkey OpenSIPS solution for Telcos and Hosted PBX. • Member of the OpenSIPS foundation.
  • 3. Agenda 1. How big is the problem? 2. Anatomy of an attack. 3. Types of attacks 4. Mitigation techniques 5. How to reduce damage if all previous measures failed Warning: This presentation is about VoIP fraud, there are many security issues, such as DOS and Eavesdropping not covered here !
  • 4. How big is the problem? • June, 2009 – announced it had broken up a $55 million toll fraud ring that was operating internationally and targeting enterprise PBXs Source: Network World • December, 2010 – 11 million Euros on VoIP Fraud, calling to premium numbers in Somalia, Sierra Leone…. Source: SipVicious Blog
  • 5. Anatomy of a simple attack. Step 1 – Buy a Premium Rate Number Step 2 – Find a vulnerable VoIP device And call the premium rate number Step 3 – Cash-out in the premium number
  • 6.
  • 7. Common ways to get a password 1. SIP Scan and Bruteforce 2. TFTP attacks 3. Phone vulnerabilities 4. Signaling Attacks 5. PBX web interface vulnerabilities
  • 8. Under Heavy Attack! • Basic Scan – sipvicious, friendly-scanner • Distributed SCAM by W32.Sality virus (discovered by Symantec/2010) Thousands of Corporate PBXs SIP Scan. Sality Peer-to-Peer Botnet Thousands of Register Attempts. Source: Symantec http://www.symantec.com/connect/blogs/distributed-cracker-voip
  • 9. SIP Scan Mitigation • Mandatory strong passwords – 8 digits minimum, special chars… • Detect multiple authentication failures – Block IP with Fail2Ban – Block IP with Event Interface (OpenSIPS 1.7) • Early detection and discard – Detect specific signatures and patterns
  • 10. Signaling Attacks • Malformed BYEs. Radius Server Generate incorrect duration on CDR SIP Proxy Bye with wrong Cseq/Routing Set Bye with wrong Cseq: BYE DETECTED WRONG CSEQ STOP BILLING!! DISCARD!!
  • 11. Mitigation for Signaling Attacks • Dialog Aware Proxy if (has_totag()) /*sequential requests*/ if (!validate_dialog()) fix_route_dialog();
  • 12. TFTP Attack • Trivial Attack against VoIP Infrastructure – 1st Option bruteforce tftp server – 2nd Option sniff tftp files using MitM techniques Get file 0001234A5B6C.cfg TFTP Server Get file 0001234A5B6D.cfg … Plaintext Configuration File With credentials in plain text XML or not • Solution – Use HTTPS or Encrypted config files
  • 13. Attacks on SIP Phones • How many of you change the default password for IP phones? • How many of you update the IP Phone’s firmware regularly? Video #2 Video #1
  • 14. More sophisticated attacks • SIP Digest Leak (1) INVITE in Mute (2) 200OK, User Answered (3) BYE, No Audio? (4) 401, WWW-Authenticate? (5) BYE, With Phone Credentials Current estimated time needed to break all 8 chars length passwords [a-zA-Z0-9]{1,8} ... 497 days [a-z0-9]{1,8} ...... 6 days Credits to Sandro Gaudio: blog.sipvicious.org
  • 15. Mitigation for phone attacks • Don’t allow http/ssh access to the phones • Disable the web interface when possible. • Prefer secure automatic provisioning • Standardize phones, update regularly. • For SIP Digest Leak, drop 401 or 407 originated by subscribers.
  • 16. Malformed Packets • Attack – Malformed packets can be used to exploit buffer overflows on phones. • Tools: Protos TEST suite • Mitigation – Detect malformed packets using OpenSIPS • Use Error_route to generate alerts • Handle exceptions – Use the event interface or fail2ban to ban the ofenders failregex= Auth Error for .* from <HOST> cause -[0-9] Malformed SIP request from user .* from <HOST>
  • 17. TLS and SRTP • Not very effective against fraud • TLS is not used for authentication in most cases • TLS can help to avoid MitM attacks • SRTP and ZRTP protect you against eavesdropping, but do not prevent a fraudulent call to a premium rate number
  • 18. What OpenSIPS can offer to help you? Subscribers Security and VoIP Infrastructure Admission Box Event and Alerting System Firewall Layer
  • 19. What OpenSIPS can offer? • TLS and protocol translation • Nonce re-usage prevention • PIKE to detect spikes in req/s • Rate-Limit to throttle SIP traffic • Access any SIP header for sanity checks – Signature detection • Use the new event interface – Predefined events E_PIKE_BLOCKED – raise_event(event_name[, attrs] [, vals]) • Connect the event interface to a firewall and/or alerting system • Global Blacklists for premium rate numbers
  • 20. Tips to prevent attacks 1. Use strong passwords 2. Detect and drop specific signatures 3. Ban IPs with authentication or malformed failures 4. Drop 401 and 407 from subscribers 5. Validate sequential requests, mainly BYEs 6. Use secure provisioning for phones 7. Do not allow unsecure external access to your system 8. Update phones regularly 9. Use TLS when possible to avoid MitM attacks 10. Use a secure network 1. ARP Inspection 2. Secure voice VLAN
  • 21. Damage Control • Face a simple fact, sooner or later, a system open to the Internet will be compromised. • The hacker’s advantage – Administrators have to defend against all attacks, while one vulnerability is enough for the attacker! – The administrator is one, attackers are many!
  • 22. Tips to reduce possible damages? 1. Do not allow all routes to all users. 2. Block premium-rate numbers (1-900) 3. Do not route numbers without a defined rate 4. Limit the number of simultaneous calls 5. Drop calls after a certain period of time. 6. Prefer prepaid, for postpaid use quotas 7. Consider geo-ip restrictions for customers 8. Build an alert system for unusual patterns 9. Use two-way authentication for high-risk routes
  • 23. Thank You! Next OpenSIPS eBootcamp September 19th Learn OpenSIPS! Visit www.sippulse.com, a turnkey solution based on OpenSIPS Questions and contact, please send an email to flavio@sippulse.com or flavio@opensips.org