
[ VOIP

]
: . -.

VoIP

:
1.
2. VoIP
3.
4. VoIP
4.1
4.2 H.323
4.3 Real Time Protocol (RTP)
5.
5.1
5.2 - TLS
5.3 () - DTLS
5.4 S/MIME
5.5
5.6 IPSec
5.7 H.323
5.8 MGCP
5.9
6. VOIP
6.1
6.2
6.3
6.4 QoS (shaping)
6.5
6.6 NAT IP
6.7 (ACL)
7. VoIP
7.1 - NIDS
7.2 - - HIDS
7.3 log
7.4 Syslog
8.
9.

1.
,
, . PSTN (Public Switched
Telephone Network) IP (Internet Protocol) (NGN Next
Generation Network), IP
(IMS IP Multimedia Subsystem).
.
triple play, ,
. triple play, quad play , ,
.
IP IPv4 IPv6
, WWW . / ( pipe).
IP - PSTN, IP
,
. ,
, .
VoIP (QoS),
( Denial of Service, DoS).
, (burst),
, jitter. IP
, .
, .
, IP ; . IP
, , -
,
. IP , .
2. VoIP
VoIP
VPN , ,
. , ,
. ,
, , hosted .
VoIP ,
, . ,
,
. Microsoft Messenger,
Hotmail . Skype,
,
Skype. , ,
Vonage, Broadvoice, SunRocket,Hermes phone Packet8.
VoIP
, PSTN . ,
. ,
, VoIP .
,
. VoIP
VoIP. ,
, .
, ,
, ,
.
, VoIP
. ,
. - IP Sigtran ,
SS7 IP, PSTN IP .

VoIP,
:
IP

,






3.
, VoIP.
, ,
. , ,
, ,
. . ,
PBX . ,
VoIP , - -.
, , VoIP /
Ethernet VoIP ( ) -
.
, - (untrusted) ,
, - ,
VoIP .
, , VoIP ,
.
3-1. VoIP

4. VoIP
IETF :

-- (Interruption-of-service)
-- (abuse-of-service)

,
. VOIPSA (Voice Over IP Security Alliance; voipsa.org) ,
,
. IETF
,
, ,
.
, VoIP :
- VoIP ,
, , .
, VoIP , , DNS
, SIP , - , ..
,
VoIP , , .
(. VoIP ), ,
SIP , .
( ) SPIT (
).
,
. VoIP (,
), ,
, .
(.., , ,
/ ).
( )
, ,
- .
(masquerading)
, , , , ,
, . ,
, ,
. ,
.
, ,

VoIP (, , SIP
DNS ). , ID
,
(spoofing) CID ,
. VoIP
- ,
VoIP ( ARP, IP DNS).
, ,
.
, , ,
, .
,
, - ,

, ,
. , SIP
VoIP ,
. ,

.
, .
VoIP .
- ,
.
VoIP ,
(billing). , VoIP

. , - VoIP
.
,
.
4.1

- - , VoIP.
(Denial of Service DoS)
VoIP, ,
.
DoS , VoIP
. ;
VoIP ( , ), ,
, VoIP .
4.1-1 , ,
.
4.1-1.

DoS
. ,
:
:
/
( )

, (. )
:

(billing)
-


, " " VoIP, VoIP
/,
(, )
DoS. VoIP ,
.
DoS .
DoS ,
. DoS
, .
, ,
. VoIP (
), -
(,
). -
, -,
-.
VoIP , - DoS
, VoIP , VoIP , VoIP, SBC (-
). , (STB) . ,
DNS ,
ENUM, -
.
DoS , .
, . ,

.
, DoS . SIP
, SIP ,
.
SIP:
- IPv4, UDP TCP
TLS IPSec
SIP
SIP ,
RTP ,
, -
DoS , , SIP
(UA).
/ DoS DoS . ,
, ,

.
. PSTN ,
PSTN VoIP . ,
, ,
(
). -,
, .
, -
. (reflection) (amplification),
,
. ,
.
, - , ,
, flood.
/
DoS .
- fuzzing.
-- (DoS) IP- . DoS
.
DoS . , -
-- (DDoS Distributed Denial of
Service) .
DS, ,
, - .
DDoS -,
- . , IP
, UDP - 65534 5060.
/, . DoS DDoS
, -;
, IP -,
.
DoS VoIP IP ,
DoS IP . , DoS
VoIP, -
. ,
DoS DDoS ,
, .

SIP (digest) ,
/ . HTTP
() , .
SIP REGISTER INVITE , ,
401 407,
. 401 407 (nonce
). , :
Username (. Ivan)
Realm (. iptelco.bg)
Password , UA (., HackniMe)
Method - SIP , (INVITE REGISTER)
URI (Uniform Resource Identifier) UA, SIP:192.168.2.102
Challenge (nonce) / , 401
407
Cnonce - nonce, ,
(QoS),
Nonce Count (nc) nonce,

SIP UA SIP , :
1.

( REGISTER, INVITE SIP ).

2.

(SIP ) 401 407 - ,


nonce, .
SIP , MD5
, .
- hash, , (realm) ,
-:
MD5 (Username : Realm : Password)

3.

, MD5 hash, SIP ,


, REGISTER , URI-, . SIP:192.168.2.102,
-:
MD5 (Method : URI)

4.

, MD5 hash,
. MD5 hash 3, nonce 401/407
, nonce ( ), cnonce (
), MD5 hash 4, :
MD5 (MD5-step-3 : nonce : nc : cnonce : MD5-step-4)
nc cnonce , :
MD5 (MD5-step-3 : nonce : MD5-step-4)

5.

MD5 , 5 , .

6.

, , 3, 4 5
MD5 hash- ,
.

1 6,
:
1. MD5 (Ivan:iptelco.bg:HackniMe) = 49be40838a87b1cb0731e35c41c06e04
2. MD5 (REGISTER:sip:192.168.2.102) = 92102b6a8c0f764eeb1f97cbe6e67f21
3. MD5 (49be40838a87b1cb0731e35c41c06e04:350c0fec:92102b6a8c0f764eeb1f97cbe6e67f21) = 717c51dadcad97100d8e36201ff11147 ( )
/ (enumeration)
(),
VoIP SIP ,
(sniffing). ,
80% .
, - . ,
.

SIP, ,
. UA REGISTER INVITE , ,
401, 403.
- (brute-force, ), REGISTER
. , 401,
.

SIP (sniffing)
UA SIP , URI .
, , TLS .
, URI SIP:User@hostname:port
. (cleartext)
,
brute-force. ,
,
, .
, Wireshark.
4.1-2. SIP Wireshark

SIP
SIP U,
. SIP ,
;
.
SIP MD5 ,
(
).
.
, :
MD5_1 = MD5 (Username:Realm:Password)
MD5_2 = MD5 (Method:URI)
Response MD5 Value = MD5 (MD5_1:Nonce:MD5_2)
,
(realm), URI, nonce ( ), MD5 -
( -- MITM ),
. ,
- , ,
. ,
. , SIP
, ,
.
SIP
, , ,
SIP , . , SIP
. , URI
.
,
, realm,
MD5 . URI, MD5
. -, MD5,
nonce MD5 MD5 ,
. ,

- ,
.

.
, .
:
Challenge (nonce): 350c0fec
Realm: iptelco.bg
-, :
Username: Ivan
Method: REGISTER
URI: SIP:192.168.2.102
MD5 Response Hash Value: 717c51dadcad97100d8e36201ff11147
, -,
( , ):
Setup Equation 1 MD5-1: MD5 (Ivan:iptelco.bg:Password)
Setup Equation 2 MD5-2: MD5 (REGISTER:sip:192.168.2.102)
Final Equation 3 717c51dadcad97100d8e36201ff11147: (MD5-1:350c0fec:MD5-2)
1 , . 2
, URI . MD5
92102b6a8c0f764eeb1f97cbe6e67f21.
3 MD5 - 1, nonce SIP MD5
- 2. nonce , MD5 - - 2 ,
MD5 - - 1 brute-force.
, ,
- 1 , :
MD5-1 : MD5 (Ivan:iptelco.bg:Password )
f3ef32953eb0a515ee00916978a04eac : MD5 (Ivan:iptelco.bg:Hello )
44032ae134b07cee2e519f6518532bea : MD5 (Ivan:iptelco.bg:My )
08e07c4feffe79e208a68315e9050fe4 : MD5 (Ivan:iptelco.bg:Voice )
b7e9d8301b12a8c30f8cab6ed32bd0b6 : MD5 (Ivan:iptelco.bg:Is )
44032ae134b07cee2e519f6518532bea : MD5 (Ivan:iptelco.bg:My )
56a88ae72cff2c503841006d63a5ee98 : MD5 (Ivan:iptelco.bg:Passport )
7b925e7f71e32e0e8301898da182c944 : MD5 (Ivan:iptelco.bg:Verify )
a5d8761336f52fc74922753989f579c4 : MD5 (Ivan:iptelco.bg:Me )
49be40838a87b1cb0731e35c41c06e04 : MD5 (Ivan:iptelco.bg:HackniMe )
MD5 1, MD5 - 2
(92102b6a8c0f764eeb1f97cbe6e67f21), (nonce) 3
(350c0fec), , brute-force - 3
-. MD5_1, ,
MD5_2 nonce:
MD5 = (MD5-1:72fbe97f:MD5-2)
bba91fc34976257bb5aa47aeca831e8e = (f3ef32953eb0a515ee00916978a04eac:350c0fec:92102b6a8c0f764eeb1f97cbe6e67f21)
01d0e5f7c084cbf9e028758280ffc587 = (44032ae134b07cee2e519f6518532bea:350c0fec:92102b6a8c0f764eeb1f97cbe6e67f21)
5619e7d8716de9c970e4f24301b2d88e = (08e07c4feffe79e208a68315e9050fe4:350c0fec:92102b6a8c0f764eeb1f97cbe6e67f21)
8672c6c38c335ef8c80e7ae45b5122f8 = (b7e9d8301b12a8c30f8cab6ed32bd0b6:350c0fec:92102b6a8c0f764eeb1f97cbe6e67f21)
01d0e5f7c084cbf9e028758280ffc587 = (44032ae134b07cee2e519f6518532bea:350c0fec:92102b6a8c0f764eeb1f97cbe6e67f21)
913408579b0beb3b6a70e7cc2b8688f9 = (56a88ae72cff2c503841006d63a5ee98:350c0fec:92102b6a8c0f764eeb1f97cbe6e67f21)
b8178e3e6643f9ff7fc8db2027524494 = (7b925e7f71e32e0e8301898da182c944:350c0fec:92102b6a8c0f764eeb1f97cbe6e67f21)
c4ee4ed95758d5e6f6603c26665f4632 = (a5d8761336f52fc74922753989f579c4:350c0fec:92102b6a8c0f764eeb1f97cbe6e67f21)
717c51dadcad97100d8e36201ff11147 = (49be40838a87b1cb0731e35c41c06e04:350c0fec:92102b6a8c0f764eeb1f97cbe6e67f21)
MD5 717c51dadcad97100d8e36201ff11147,
. , HackniMe
.
BYE
H.323 IAX , SIP
(DoS). DoS , spoofing BYE
. ,
.
, .
,
.
,
( INVITE ), - Caller-ID
(tag). ,
BYE, From
To . From, To, Caller-ID tag
() ,
(
).
SIP 200 OK , spoof
BYE . - -:
SIP/2.0 200 OK
Via: SIP/2.0/TCP 192.168.5.122;branch=;received=192.168.5.122
From: "iSEC" <sip:Ivan@192.168.2.102>;tag=ff761a48
To: "iSEC" <sip:Petar@192.168.2.102>;tag=as3a9bd758
Call-ID: 845b1f52dd197838MThmMDVhZWRkYZIxMmI1MjNiNDA4MThmYTJiODdiMzM
CSeq: 2 BYE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Content-Length: 0
(DoS) SIP CANCEL,
-. , BYE
, CANCEL SIP DoS SIP
, . , BYE
, a CANCEL .
REGISTER
, DoS
IP . ,
IP , .

REGISTER,
Contact, IP . ,
DoS , Contact,
IP 192.168.5.122, . 118.118.8.118.
REGISTER , IP , , 4.13.
4.1-3. Contact SIP

Un-register
(DoS), - SIP
. - SIP
. - SIP RFC,
.
- ,
. , SIP
, .
- UA, REGISTER,
( 3600 7200),
. -,
UDP - .
UDP ,
.
, -.
SIP Fuzzing
, ,
. ,
, . SIP fuzzing,
SIP . ,
fuzzing , VoIP .
PROTOS (http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/index.html/) fuzzing
, VoIP SIP:
4.1-4, . SIP
, , . ,
, ,
.

4.1-4. Fuzzing

SIP (flooding)
- DoS VoIP /
. , .

. , SIP INVITE,
. SPI .
flooding .
, .
DoS (DDoS) . VoIP
, DDoS .
.
,
.
BOTNET, , -. VoIP
.
SIP (signaling loop)
DoS ,
VoIP . ,
VoIP --
(Max-Forwards), SIP .
/ ,
(loop). 4.1-5 .
http://tools.ietf.org/html/draft-lawrence-maxforward-problems-00

4.1-5. SIP DoS signaling loop

, , one.com two.com,
user1 user2. , , header
, , .
, SIP
/. 2, / INVITE (
one.com), INVITE two.com,
user1 user2. , INVITE SIP / two.com,
/ one.com.
one.com, Max-Forwards header- . RFC 3261 ,
Max-Forwards 70,
270 .
(.408, CANCEL). VoIP ,
, . o
Max-Forwards , , SIP ,
, .
(loop detection), .
SPIT (Spam Over Internet Telephony)
, ,
.
, .
PSTN . , . ,
, PSTN ,
. (SPIT)

VoIP , -
. ,
.
, IP
. ,
,
. ,
, SPIT
, .
( ) .
.
,
, . -
, , ?.
- ( ,
) .
, - ,
. ,
.
SPIT .
(INVITE) .
,
. SIP
INVITE , .
, , ,
(RTP) ,
, DoS . ,
, /, ,
VoIP .

, .
:

--

,
/ .
--, ,
, .

, .
, ,
.
VoIP , :
VoIP . ,
VoIP .
VoIP . VoIP
.
VoIP , , , ,
, SBC, DNS, NTP .
VoIP .
.

, .
.

.
/ .
( ),
, , ( )
.
.
, VoIP ,
.
, ,
VoIP :
(,
, , , )


(. TFTP, FTP, Telnet, RPC)
(, ,
)
, ,
( ).
VoIP .
, VoIP
, . VoIP 2006 .,
$1 . VoIP
, VoIP
.
,
, , SPIT, .
VoIP ,
.




- , , ,
VoIP

, MAC
802.1x
. VLAN, VoIP
VLAN ACL- ( ),
VoIP VLAN-
VoIP
SBC.


- ,
VoIP



,

- CDR
(CDR Customer Detail Records)

,

,

- , ,

VoIP
, . - -
, , ,
, , .
, (VoIP )
spoofing , ,
,
.
SIP
VoIP
brute-force . VoIP , SIP,
REGISTER . REGISTER,
.
,
. , -
/, - (brute-force)
. VoIP,
.
SIP . , , SIP
, , ,
, 16 .. , SMS
.
-- (MITM)
, SIP --,
4.1-6. ARP DNS spoofing ,
SIP SIP .
, - SIP , .
, , ,
SIP SIP .
, (
1), SIP ( ),
/, SIP nonce
( 3). ,

( 4). ,
MD5 , nonce ( 5),
. MD5 ,
SIP ( 6).
4.1-6. MITM SIP

,
VoIP .
; .

, VoIP,
.
, :
( , )


( , ) ,
. ,
, . ,
(master),
. VoIP ,
,
.
.
, VoIP ,
. IP , ( ) ,
PSTN IP- . , IP
(.. )
. -
IP- , . , - IP
IP , - .
, ARP (poisoning)
.
Wireshark
Wireshark (- Ethereal)
, SIP, H.323 RTP.
, VoIP
.

4.1-7. Wireshark

, Voice over IP.


VoIP ,
, , .
, Player,
. , RTP -
(. - ).
Cain & Abel
, VoIP Cain & Abel. ARP
(poisoning) -- SIP RTP
.

4.1-8. ARP

ARP (poisoning), ARP spoofing


, -- DoS
Ethernet . LAN.
--,
,
( ) (. ).
(ARP) MAC IP
. ARP spoofing MAC IP ,
ARP (ARP ). ,
192.168.1.2 192.168.1.5, ARP LAN ,
(advertising) MAC 192.168.1.5 00:0B: 95:09:68:05 .
Ethernet .
spoofed (192.168.1.2),
(192.168.1.9), spoof ARP
, .
VoIP (SIP), .
VoIP, . ,
, , .
.
VLAN (hopping)
--, ARP ,
.
ARP VLAN hopping,
, .
, ARP ,
LAN. - VLAN hopping : (switch spoofing)
(double-tagging). ,
. spoofing, ,
ISL 802.1q DTP , ,
VLAN . , Ethernet 802.1q
. ,
. ,
VLAN ID-, 802.1q . ,
.
VoIP , ,
, -.

VLAN hopping :
.
(DTP Dynamic Trunking Protocol). - trunking-.
VLAN .
, VLAN Yesirnia.
,
, . DTP, STP (Spanning Tree Protocol), VTP (VLAN Trunking Protocol), ISL (Inter-switch Link
Protocol), 802.1x, 802.1q, HSRP (Hot Standby Router Protocol), DHCP (Dynamic Host Configuration Protocol) CDP
(Cisco Discovery Protocol).
MGCP
VoIP , MGCP
( call manager Cisco ) ,
-
(. ). 4.1-9
VoIP .
4.1-9. MGCP VoIP

SIP, H.323, Cisco SCCP, Skinny,


( ) ,
. ,
, MGCP
, , .
MGCP PSTN
PSTN RTP
, .
- , MGCP
PSTN , RTP . /
:
1.

2.

().

3.

, .

4.

5.

, ,
.

4.1-10. MGCP

PSTN
. MGCP , SIP.
MGCP :
AUEP 1500 *@mgcp.gateway MGCP 0.1

AUEP (Audit End-Point) (1500)


. , (*)
(mgcp.gateway).
(), ,
. , 15
:
200 1500
Z: S0/SU1/DS1-0/1@mgcp.gateway
Z: S0/SU1/DS1-0/2@mgcp.gateway
Z: S0/SU1/DS1-0/3@mgcp.gateway
Z: S0/SU1/DS1-0/4@mgcp.gateway
Z: S0/SU1/DS1-0/5@mgcp.gateway
Z: S0/SU1/DS1-0/6@mgcp.gateway
Z: S0/SU1/DS1-0/7@mgcp.gateway
Z: S0/SU1/DS1-0/8@mgcp.gateway
Z: S0/SU1/DS1-0/9@mgcp.gateway
Z: S0/SU1/DS1-0/10@mgcp.gateway
Z: S0/SU1/DS1-0/11@mgcp.gateway
Z: S0/SU1/DS1-0/12@mgcp.gateway
Z: S0/SU1/DS1-0/13@mgcp.gateway
Z: S0/SU1/DS1-0/14@mgcp.gateway
Z: S0/SU1/DS1-0/15@mgcp.gateway


(idle). AUEP :
AUEP 1000 S0/SU1/DS1-0/1@mgcp.gateway MGCP 0.1
F: R,D,S,X,N,I,T,O,ES

S0/SU1/DS1-0/1, F:
, :
200 1000
I: 2EDA
N: ca@10.96.1.51:2427
X: 1
R: D/[0-9ABCD*#](N)
S:
O:
T:
ES:

ID I: 2EDA,
, MGCP RTP .

AUXC (Audit Connection) , (


S0/SU1/DS1-0/1@mgcp.gateway) 2EDA
. MGCP
:
200 1
C: D000000002000594000000F50000001d
N: ca@10.6.1.21:2427
L: p:20, a:PCMU, s:off, t:b8
M: sendrecv
P: PS=9817, OS=1570720, PR=9817, OR=1570720, PL=0, JI=60, LA=0
v=0
c=IN IP4 10.6.255.25
m=audio 18688 RTP/AVP 0 100
a=rtpmap:100 X-NSE/8000
a=fmtp:100 192-194

, (CA - Call Agent),


(ca@10.6.1.21:2427), N: Notified entity - M:
(sendrecv). SDP IP (10.6.255.25)
(18688) RTP .
,
. 4.1-11 .
4.1-11. RTP

MDCX (Modify Connection)


. MDCX :
MDCX 1553 S0/SU1/DS1-0/1@mgcp.gateway MGCP 0.1
C: D000000002003e0e000000F580001f6d
I: 2EDA
X: 16
L: p:20, a:PCMU, s:off, t:b8
M: sendrecv
R: D/[0-9ABCD*#]
Q: process, loop
v=0
o=- 1334 0 IN EPN S0/SU1/DS1-0/1@mgcp.gateway s=Cisco SDP 0
t=0 0
m=audio 17994 RTP/AVP 0
c=IN IP4 10.6.158.178

MGCP (S0/SU1/DS1-0/1)
RTP 10.6.158.178 17794. MGCP
, . ,
RTP
, . ,
, RTP ,
. , ,
, "".
, MGCP RTP ,

. RTP
, RAT (Robust Audio
Tool), RTP . RAT,
RTP (
). RTP ,
, MGCP
RTP . ,
RTP .
(masquerading)
,
. , ,
. ,
.
,
,
. ,
,
( ).
, . SIP ,
.
, , H.323 .
, , , DNS
, SIP , PSAP softswitch, ,
, .
, DNS , SIP URL-
, .. .
, (
MAC IP spoofing IP ), VoIP
. ,
VoIP ,
.
(caller id spoofing)
VoIP
(. SIP INVITE).
, VoIP (. Asterisk PBX)
INVITE , SIVuS. , Asterisk
PBX CID, - SetCallerID(2015551212)
extensions.conf , 2015551212 , .
, , Asterisk
.
ID VoIP
. , VoIP VoIP
-- ,
( SBC, SIP , H.323 gatekeeper). , VoIP
VoIP , ID . , ,
ID .
ID , ID
. ,
ID . ID-
, , ,
.
, ID (. SpoofTel, NuFone
VoicePulse, , ).
www.spooftel.com/; www.nufone.net/; www.voicepulse.com/features/basic/CallerID.aspx;

(presence hijacking)
,
. ,
VoIP
, .
, .
4.1-12 , IP ,
(INVITE). VoIP ,
.
4.1-12. SIP Register

REGISTER Contact , IP (
). (INVITE),
IP
. , 201-853-0102 IP 192.168.10.5.
INVITE IP, 5061,
SIPS, RFC 3261.
,
www.vopsecurity.org/Security_Issues_with_SOHO_VoIP_Gateways-052005.pdf
4.1-13 REGISTER, .
, ,
Contact. , IP (192.168.1.3),
IP . REGISTER SIP
192.168.1.2. SIVuS.

4.1-13. REGISTER

:
1.

.
:
DoS , .
- (spoof) ,
0 (Expires: 0). ,
.
REGISTER - (. 15 ),
. ,
60 .

2.

REGISTER IP ,
.

.
:
0. DoS .
1. .
2. : .
3. : .
4. : , IP .
5. : .
6. .
7. .
.

4.1-14.

:
,
( INVITE ).
, ,
.
SIP
.
, VoIP REGISTER
SIPS (SIP TLS). SIP nonce,
, ID, , URI,
MD5 .
nonce, SIP . , SIPS
, .
VoIP, , SIP
, SIP
, . , SIP , ,
REGISTER, ,
, (. nonce
).
. , ,
,
. ,
. ,
(, ,
).
SIPS SIP (
), - . ,
SIPS ,
.
ARP (arp spoofing)
ARP Ethernet . , ARP
VoIP . ,

,
. , ,
, ARP
. , ARP

, (Solaris )
ARP , .
, ARP , ARP spoofing, ARP ARP
ARP. .
ARP ARP spoofing- .
ettercap, Cain dsniff, IP
ARP -. ARP
IP . ARP
.
, - . ARP IP , -
(), , IP (10.1.1.2) MAC -
, BA:DB:AD:BA:DB:AD. , ,
- . , MAC - , IP
, IP MAC - . , - ARP
ARP , Windows , ARP
ARP ,
.
ARP :

10.1.1.1    AA:BB:CC:DD:EE:FF    int0
10.1.1.2    BA:DB:AD:BA:DB:AD    int0

,
.
ARP ,
IP . - , ARP.
, ,
( MITM) .
/dev/null (.. ), DoS.
ARP :

10.1.1.1    BA:DB:AD:BA:DB:AD    int0
10.1.1.2    AA:BB:CC:DD:EE:00    int0

,
, Wireshark
tcpdump. a ( , ,
), .
vomit rtpsniff, VoipCrack,
VoIP . ,
, PIN . ,
IP .
- . ,
. . ,
ARP . , ,
. /,
,
, ,
ARP . ( ) ,
, - (CAM ContentAddressable Memory) IP MAC, .
unicast , , .
, .

ARP ,
MAC . Arpwatch. ,
MAC/IP . Cisco Catalyst 6500
ARP (DAI Dynamic ARP inspection). DAI
Cisco (CIS) spoofing
, ARP . DAI CIS
Catalyst, (Cisco IOS).
VoIP
. Avaya.
, VoIP AES .
,
IP .
. ,
- DoS,
DoS - .
, , .
Call Manager
VoIP , .
VoIP
. VoIP
( ) ,
.
MGCP.
4.1-15. PSTN

"" MGCP,
MGCP
. RFC 3991, "Media Gateway Control Protocol (MGCP) ,"
, ,
.
(CA) NotifiedEntity NotifiedEntityList
, "all of". ,
() .
, "" ,
.
:
EPCF 1200 *@gw1.dostav4ik.bg MGCP 1.0
RED/N: ca1@ca1234.dostav4ik.bg
EPCF (End Point Configuration )
2427. (*) ,
. RED/N
( ca1@ca1234.dostav4ik.bg).
:
EPCF 1200 *@gw1.dostav4ik.bg MGCP 1.0
RED/NL: ca1@myca.dostav4ik.bg, a2@mybackupca.dostav4ik.bg

MGCP ,
MGCP (2427) , .
, --,
, MGCP . IPSec
, .
IP
, (boot image)
, . VoIP , Cisco Avaya,
, TFTP , HTTP.
. TFTP HTTP
, . ,
, , .
, IP TFTP ,
boot image- , Cisco ,
. ,
TFTP Cisco .
Avaya, UDP 69 TFTP
( Avaya TFTP ,
). TFTP ,
, TFTP HTTP GET .
, 46xxsettings.txt Avaya.
TFTP GET ,
. ,
, -
. :
1.

VoIP

2.

TFTP ,

3.

TFTP , IP .
. 172.16.1.88.

4.

-, command prompt Windows:


tftp 172.16.1.88 GET 46xxsettings.txt

, (boot image)
. ,
. , boot image-

.
.
,
--. 2 OSI ,
TFTP/HTTP ,
. , boot image
.
. ,
.
a01d01b2_3.bin Avaya
46xxsettings.txt Avaya
,
. . ,
.

, . , , SIP

-,
, .
,
, . ,
, .
, :
5.

VoIP

1.

TFTP HTTP , boot


2.

TFTP , 46xxsettings.txt and


a01d01b2_3.bin TFTP

3.

, IP TFTP

4.

IP

5.

Cain & Abel , --,


, TFTP ,
MAC , IP

SIP
spoofing SIP VoIP ,
SIP SIP . SIP INVITE , SIP SIP
INVITE. ,
, , IP ,
SIP , .
, SIP stargate-bg.org 91.196.124.78,
Stargate-BG 91.196.124.150, SIP
/ .
Stargate-BG, SIP ,
. , ,
,
. Spoof - (IP
Contact).
SIP/2.0 302 Moved Temporarily
To: <sip:Ivan@91.196.124.78>
From: <sip:Raina@91.196.124.78>;tag=1108
Call-Id: 11082006@91.196.124.78
CSeq: 1 INVITE
Contact: <sip:attacker@91.196.124.150>

4.2 H.323
H.323 H.225 (RAS - Registration Admission Status)
, . RAS
, gatekeeper- ,
, .
, , /- -
-gatekeeper, RAS.
, RAS H.323 . , H.323
, RAS ,
VoIP .
RAS, . RAS H.323.
, / gatekeeper-.
RAS H.323 VoIP ,
. RAS ,
.
H.225 ,
, . , H.225
. , :

(H.323 ID)
H.323 ( )
(replay) H.225
(spoofing) H.323 (E.164 )
E.164
E.164 (hopping)
NTP
UDP (H.225 )
H.225 nonStandardMessage
Host Unreachable
H.323 gatekeeper-
H.323 GK ( GateKeeper) , VoIP
. H.323 gatekeeper,
gatekeeper (GRQ Gatekeeper Request) 224.0.1.41 1718.
H.323 gatekeeper- .
H.323
gatekeeper- . gatekeeper- (GCF Gatekeeper Confirmation),
, H.323 ,
, , . ,
, gatekeeper gatekeeper
. H.323 GCF ,
GK , .
224.0.1.41 D GK
IP gatekeeper,
. 224.0.1.41,
GK, .
, ,
DoS .
, gatekeeper .
GCF ,
GK. , GCF H.323
gatekeeper . , ,
GCF . ,
GCF . , GCF
GCF GK,
, .
(H.323 ID)
gatekeeper H.323 ,
. H.323
, .
, --
H.225 .
,
-. Wireshark,
H.323 ID H.225.0 RAS /.

4.2-1. H.225

H.323
a H.323 H.225, ASN.1,
(H.323 ID) ( ,
1 , 1970), ASN.1- .
MD5 ( cryptoEPPwdHash). -, ,
;
- .
MD5 , /:
MD5(ASN.1 Encoded: H.323 ID + + timestamp) = Hash
. ,
,
--. -, H.323 ,
,
.
, ,
, MD5 ,
. 4.2-2 , H.323-ID (USER),
timestamp Nov 7, 2006 10:32:45.00000000 MD5 :
1C8451595D9AC7B983350D268DB7F36E.
4.2-2. H.323

,
, :
MD5(ASN.1-encoded: H.323-ID + password + timestamp) = hash
- , , (H.323 ID),

ASN.1 . ASN.1-
, MD5 hashing . MD5
MD5 -, , ,
. , 5 + X = 8.
X , .
- ,
,
. , H.323 ,
- .
H.225 .
, ,
MD5 .
MD5 ( ),
H.323 .
Sniffed (Captured) Entities over the network:
- Username: USER
- Timestamp: 1162895565
- MD5 Hash: 1c8451595d9ac7b983350d268db7f36e
MD5 (ASN.1 Encoded: Username + Password + Timestamp ) = Hash
USER + test + 1162895565 + =! 1C8451595D9AC7B983350D268DB7F36E
USER + Ivan + 1162895565 + =! 1C8451595D9AC7B983350D268DB7F36E
USER + Raina + 1162895565 + =! 1C8451595D9AC7B983350D268DB7F36E
USER + 1108 + 1162895565 + =! 1C8451595D9AC7B983350D268DB7F36E
USER + 1117 + 1162895565 + =! 1C8451595D9AC7B983350D268DB7F36E
USER + isec + 1162895565 + =! 1C8451595D9AC7B983350D268DB7F36E
USER + PASS + 1162895565 + = 1C8451595D9AC7B983350D268DB7F36E
H.323 (replay)
H.225 ,
, ,
, . , MD5
, , .
, .
, MD5 . H.323,
, .
MD5 , H.323
( ), (H.323-ID) .
, iSEC ,
, MD5 .
GK NTP , H.323
. , Oct 2, 2008 6:34.00 gatekeeper-
Oct 2, 2008 6:34:01, MD5 gatekeeper-
.
, NTP H.323
GK, , .01 . ,
H.323 GK- MD5 , - (
30 60 ), . (
H.323 ),
. ,
, MD5 , MD5 30
60 .
- MD5
gatekeeper-a GK,
.
16- , H.225 .
IP GK (c0 a8 74 79 192.168.116.28,

hex), (00 55 00 53 00 45 00 52 00 00 USER


hex) MD5 .
H.225 , 16-
GK.
H.323 (.164 )
- , E.164 ,
H.323 , H.323
. E.164 ,
, MAC Ethernet , - (Initiator Node
Names) iSCSI WWN - HBA. MAC
, etherchange
MAC, http://ntsecurity.nu, .
E.164 GK
. gatekeeper-, DoS
, . GK (rewrite)
E.164 , ( ),
; DoS .
E.164 ,
, ,
DoS . ,
, ,
, E.164 . ,
, .
VoIP , E.164 ,
. , E.164 ,
, VoIP (
). E.164
( VoIP ,
). ,
VoIP .
.164
E.164 ,
H.323 . - .
, , E.164 .
;
.164 . Wireshark,
dialedDigits, . dialedDigits H.323

Wireshark -:
H.225.0 RAS
gatekeeperRequest
endpointAlias
Item 1
Item: dialedDigits
dialedDigits
--,
- E.164 . , -
, gatekeeper- . gatekeeper, E.164
, securityDenial. ,
E.164 , , GK duplicateAlias.
, .164 ,
. GK, E.164
GK, 1 999999999
duplicateAlias.
- . (rejectReason) 4.2-3
, .164 ,
(securityDenial). 4.2-4 (rejectReason),
, (duplicateAlias).
, E.164 .
4.2-3. , E.164

4.2-4. E.164 duplicateAlias

E.164 (hopping)
Hopping
, . , hopping

, .
Cisco ,
VLAN-, VLAN (), ,
.
E.164 , -. , GK
E.164 ( E.164
). , E.164
H.323 . ,
,
- ; ;

"700" 800 . .164


H.323 VoIP .
DoS NTP
()
H.323, H.323 .
DoS
DS , H.323 .
-, H.323 ( ) NTP
MD5 . , , H.323
, H.323 . ,
NTP UDP , (
NTP ).
, NTP H.323 ,
gatekeeper-. ,
GK, . H.323
gatekeeper- , .
- , GK IP ,

. , , MD5
GK H.323 ,
VoIP .
DoS UDP ( H.225)
H.225
, H.323
. , H.323
. , H.323 GK,
UDP
H.323 . -,
UDP .
UDP ,
, GK
(
).
DoS (host unreachable)
H.323
. H.323 ,
. , .
, -
, . VoIP.
, ICMP Host Unreachable ( ),
. VoIP, ICMP
.
: ,
, .
DoS H.225 nonStandardMessage
H.225 nonStandardMessage .
, H.225 ,
. ,
. , ,
VoIP . ,

H.323 .
, , .
, , - (
),
.
: ,
, .
, H.225 nonStandardMessage,
-:
1.

Nemesis BackTrack Live CD.

2.

http://www.isecpartners.com/tools.html/ iSEC.nonStandardMessage.DOS;
Nemesis, .

3.

, b a
, :
a.

b.


a.

IP: 172.16.1.103

b.

MAC: 00:05:4E:4A:E0:E1

c.

IP (H.323 ): 172.16.1.140

d.

MAC (H.323 ): 02:34:4F:3B:A0:D3


nemesis udp -x 1719 -y 1719 -S 172.16.1.103 -D 172.16.1.140 -H
00:05:4E:4A:E0:E1-M 02:34:4F:3B:A0:D3 -P iSEC.nonStandardMessage.DOS

4.

16- , HEX
.
5c 09 81 40 82 01 01 00 04 03 00 00 04 04 00 00
00 00
4.3 Real Time Protocol (RTP)
RTP UDP , 1024 65535. ,
UDP - 1024, VoIP
( Cisco Avaya) .
, RTP/RTCP
, .
RTP - . RTP
, , (payload), SRRC (
), CSRC ( ), -.
: , VoIP
. , RTP H.323 .
() : RTP . ,
,
160 .
: RTP .
: RTP .
B RTP RFC, " ", ,
. 9 RFC ,
- , IPSec .

, VoIP IPSec - ,
-
VoIP . , RFC, ,
RTP .
RTP
VoIP (),
RTP. /
, . , .
: , Secure RTP (SRTP), -,
, SRTP
/ .
RTP , . , , ,
, - .
- RTP, :



RTP
RTP ,
, . Telnet, FTP HTTP. , RTP
, ,
.
Cain&Abel Wireshark,
RTP , RTP
. , ,
VoIP .
--, ,
.
RTP VoIP, .wav ,
--,
Cain&Abel.
4.3-1. VoIP RTP


VoIP
. , , 118,
, .
VoIP , RTP
, SSRC . . RTP ,

0 (.. 160ms),
0 1 SSRC
. .
, ,
.
4.3-2. RTP

SSRC ,
( ).
VoIP RTP, RTPInject,
, .
, SSRC.
5.


VoIP.
5.1
VoIP ,
. ,
.
,
.
, . , ,
, .
.
, .

VoIP
. , SRTP TLS .
SIP
SIP
(RFC 3261) . IPSec, S/MIME, TLS DTLS,
.
,
. , TLS
S/MIME, .
, .
, SIP ,
IP DHCP, TFTP ( )

, SIP . IP
SIP . (.
TFTP), (. sip:user@sip-domain.com)
(. sip.mcat.net 224.0.1.75). SIP
, SIP ,
. , (INVITE)
,
DoS SPIT .
() SIP
SIP HTTP SIP
(realm) .
, , -
.
5-1. SIP

5-1 ,
. 180 Ringing .
1, SIP ( A). ( 1-5), , 401 Unauthorized (
nonce) ( 1.2 REGISTER 1.1).
REGISTER ( 1.4), MD5 . ,
.
SIP .
2, B.
SIP ( A) , 407 Proxy
Authentication Required ( 2.2) INVITE ( 2.1).
(UA) .
INVITE :
INVITE sip:petar@domain-b.com:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3:5060;branch=z9hG4bK-5ef661a9
From: ivan<sip:ivan@domain-a.com:5060>;tag=aed516f97e1da529o0
To: <sip:petar@domain-b.com:5060>
Call-ID: ceab1739-db25a1e9@192.168.1.3
CSeq: 101 INVITE
Max-Forwards: 70
Contact: ivan<sip:ivan@192.168.1.3:5060>
Expires: 240
User-Agent: 001217E57E31 Linksys/RT31P2-3.1.6(LI)
Content-Length: 313
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Content-Type: application/sdp

SIP ( ) :
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 192.168.1.3:5060;branch=z9hG4bK-5ef661a9
From: ivan<sip:ivan@domain-a.com:5060>;tag=aed516f97e1da529o0;
To: <sip:petar@domain-b.com:5060>
Call-ID: ceab1739-db25a1e9@192.168.1.3
CSeq: 101 INVITE
Proxy-Authenticate: Digest realm="domain-a.com",
domain="sip:domain-a.com", nonce="969467834", algorithm=MD5
Max-Forwards: 15
Content-Length: 0

407 Proxy Authentication Required


SIP Proxy-Authenticate , realm,
domain, nonce digest , MD5 :
Proxy-Authenticate: Digest realm="domain-a.com",
domain="sip:domain-a.com", nonce="969467834", algorithm=MD5

SIP SIP , ACK:


ACK sip:petar@domain-b.com:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3:5060;branch=z9hG4bK-5ef661a9
From: ivan<sip:ivan@domain-a.com:5060>;tag=aed516f97e1da529o0
To: <sip:petar@domain-b.com:5060>
Call-ID: ceab1739-db25a1e9@192.168.1.3
CSeq: 101 ACK
Max-Forwards: 70
Contact: ivan<sip:ivan@domain-a.com:5060>
User-Agent: 001217E57E31 Linksys/RT31P2-3.1.6(LI)
Content-Length: 0

SIP INVITE, Proxy-Authorization. , CSeq 101 102, INVITE


:
INVITE sip:petar@domain-b.com:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3:5060;branch=z9hG4bK-d04dcaa1
From: ivan<sip:ivan@domain-a.com:5060>;tag=aed516f97e1da529o0
To: <sip:petar@domain-b.com:5060>
Call-ID: ceab1739-db25a1e9@192.168.1.3
CSeq: 102 INVITE
Max-Forwards: 70
Proxy-Authorization: Digest username="ivan",realm="domain-a.com",nonce="969467834",uri="sip:petar@domain-b.com:5060",algorithm=MD5,response="72f370515acd0b878bce1e9e78899ad2"
Contact: ivan<sip:ivan@domain-a.com:5060>
Expires: 240
User-Agent: 001217E57E31 Linksys/RT31P2-3.1.6(LI)
Content-Length: 313
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Content-Type: application/sdp

, OK:
SIP/2.0 200 OK
Via: SIP/2.0/UDP domain-a.com:5060;branch=z9hG4bK-f7bb35c3
Via: SIP/2.0/UDP 192.168.1.3:5060;branch=z9hG4bK-d04dcaa1
From: petar<sip:petar@domain-b.com:5060>;tag=aed516f97e1da529o0;
To: <sip:ivan@domain-a.com:5060>;tag=2027561073
Call-ID: ceab1739-db25a1e9@192.168.1.3
CSeq: 102 INVITE
Contact: <sip:petar@domain-b.com:5060>
Max-Forwards: 15
Content-Type: application/sdp
Content-Length: 217

, ACK,
:
ACK sip:petar@domain-b.com:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3:5060;branch=z9hG4bK-6ee04695
From: ivan<sip:ivan@domain-a.com:5060>;tag=aed516f97e1da529o0
To: <sip:petar@domain-b.com:5060>;tag=2027561073
Call-ID: ceab1739-db25a1e9@192.168.1.3
CSeq: 102 ACK
Max-Forwards: 70
Proxy-Authorization: Digest username="ivan",realm="domain-a.com",nonce="969467834",uri="sip:petar@domain-b.com:5060",algorithm=MD5,response="28909c2f5b3f682b2d8bc6a36aba572c"
Contact: ivan<sip:ivan@domain-a.com:5060>
User-Agent: 001217E57E31 Linksys/RT31P2-3.1.6(LI)
Content-Length: 0

: RFC ACK, .
, SIP ACK, 407 Proxy Authentication
Required.
, BYE .
, BYE ( ).
BYE sip:petar@domain-b.com:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3:5060;branch=z9hG4bK-304dbcd
From: ivan<sip:ivan@domain-a.com:5060>;tag=aed516f97e1da529o0
To: <sip:petar@domain-b.com:5060>;tag=2027561073
Call-ID: ceab1739-db25a1e9@192.168.1.3
CSeq: 103 BYE
Max-Forwards: 70
Proxy-Authorization: Digest username="ivan",realm="domain-a.com",nonce="969467834",uri="sip:petar@domain-b.com:5060",algorithm=MD5,response="96645bfe26e2a5b64803041948bba38d"
User-Agent: 001217E57E31 Linksys/RT31P2-3.1.6(LI)
Content-Length: 0

, SIP
BYE, 407 Proxy Authentication Required:
SIP/2.0 407 Proxy Authentication Required
Via: SIP/2.0/UDP 192.168.1.3:5060;branch=z9hG4bK-304dbcd
From: ivan<sip:ivan@domain-a.com:5060>;tag=aed516f97e1da529o0
To: <sip:petar@domain-b.com:5060>;tag=2027561073
Call-ID: ceab1739-db25a1e9@192.168.1.3
CSeq: 103 BYE
Proxy-Authenticate: Digest realm="domain-a.com",
domain="sip:domain-a.com", nonce="35921938", algorithm=MD5
Max-Forwards: 15
Content-Length: 0

SIP BYE
:
BYE sip:petar@domain-b.com:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3:5060;branch=z9hG4bK-1be1b199
From: ivan<sip:ivan@domain-a.com:5060>;tag=aed516f97e1da529o0
To: <sip:petar@domain-b.com:5060>;tag=2027561073
Call-ID: ceab1739-db25a1e9@192.168.1.3
CSeq: 104 BYE
Max-Forwards: 70
Proxy-Authorization: Digest username="petar",realm="domain-a.com",nonce="35921938",uri="sip:petar@domain-b.com:5060",algorithm=MD5,response="f17f737430b236c73121ecf6a1031518"
User-Agent: 001217E57E31 Linksys/RT31P2-3.1.6(LI)
Content-Length: 0

, OK :
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.3:5060;branch=z9hG4bK-1be1b199
From: ivan<sip:ivan@domain-a.com:5060>;tag=aed516f97e1da529o0
To: <sip:petar@domain-b.com:5060>;tag=2027561073
Call-ID: ceab1739-db25a1e9@192.168.1.3
CSeq: 104 BYE
Max-Forwards: 15
Content-Length: 0

SIP ,
. , REGISTER,
INVITE. REGISTER INVITE, BYE
CANCEL . ,
.
,
, .
INVITE, BYE, ACK REFER. SIP RFC 3261 , CANCEL
, . SIP
CANCEL , SIP .
, , IPSec TLS.
SIP , UDP
IPSec. SIP (.
callerID, Cseq, branchID tag),
CANCEL .
INVITE REGISTER , BYE CANCEL. IETF
(. 183, 180), UDP
, .
, SIP
(. REGISTER, INVITE ..) 5-2.
5-2. SIP

- :
nonce_value ,
nc_value (nonce count) 16- , nonce. .,
nonce , "nc=00000001".
nonce , qop
cnonce_value ,
, ,

qop_value . (RFC 2617).


auth, auth-int,
()
A1 MD5 , realm, , nonce cnonce:
username_value - (realm)
realm_value - ,
(. sipserver.domain.com)
passwd - ,
nonce_value -
cnonce_value - -
A2 MD5 , URI :
Method - SIP SIP
digest_uri_value - URI- Request-URI Request-Line; ,
Request-Line
32 HEX , Response Proxy-Authorization ,
-:
Proxy-Authorization: Digest username="petar",realm="domaina.com",nonce="35921938",uri="sip:petar@domainb.com:5060",algorithm=MD5,response="f17f737430b236c73121ecf6a1031518"
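Added example, not part of the original document: a proxy-side check of the Proxy-Authorization header shown above, computing the response from A1 and A2 as RFC 2617 defines it and rejecting a replayed nonce or nonce count. The class and function names and the password are constructed for illustration; the nonce and URI follow the traces above.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 response value built from A1 and A2."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # A1: username, realm, password
    ha2 = md5_hex(f"{method}:{uri}")                  # A2: SIP method and digest URI
    if qop is None:                                   # form used by the traces above
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")   # qop=auth

def make_authorization(username, realm, password, method, uri, nonce,
                       qop=None, nc=None, cnonce=None):
    """Client side: build the Proxy-Authorization header line."""
    resp = digest_response(username, realm, password, method, uri, nonce, qop, nc, cnonce)
    extra = f',qop={qop},nc={nc},cnonce="{cnonce}"' if qop else ""
    return (f'Proxy-Authorization: Digest username="{username}",realm="{realm}",'
            f'nonce="{nonce}",uri="{uri}",algorithm=MD5,response="{resp}"{extra}')

PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')

def parse_digest(header_line):
    """Split a Digest header line into a dict of lower-cased parameter names."""
    _, _, value = header_line.partition(":")
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PARAM.finditer(params)}

class ProxyDigestVerifier:
    def __init__(self, realm, passwords):
        self.realm = realm
        self.passwords = passwords   # username -> password (constructed sample store)
        self.last_nc = {}            # nonce issued in a 407 -> highest nc accepted

    def issue(self, nonce):
        self.last_nc[nonce] = 0

    def verify(self, method, request_uri, header_line):
        p = parse_digest(header_line)
        user, nonce, qop = p.get("username"), p.get("nonce"), p.get("qop")
        if p.get("realm") != self.realm or user not in self.passwords:
            return False, "unknown realm or user"
        if p.get("uri") != request_uri:
            return False, "digest uri differs from Request-URI"
        if nonce not in self.last_nc:
            return False, "nonce not issued or already used"
        if qop not in (None, "auth"):
            return False, "unsupported qop"
        nc_int = 0
        if qop == "auth":
            try:
                nc_int = int(p.get("nc", ""), 16)
            except ValueError:
                return False, "malformed nc"
            if nc_int <= self.last_nc[nonce]:
                return False, "nonce count replayed"
        expected = digest_response(user, self.realm, self.passwords[user], method,
                                   request_uri, nonce, qop, p.get("nc"), p.get("cnonce"))
        if not hmac.compare_digest(expected.encode(), p.get("response", "").encode()):
            return False, "response mismatch"
        if qop is None:
            del self.last_nc[nonce]      # no nc to track: the nonce is single-use
        else:
            self.last_nc[nonce] = nc_int
        return True, "ok"
```

Because the method is hashed into A2, a response computed for BYE does not verify for CANCEL, and a header captured once cannot be presented again against the same nonce.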
, SIP INVITE REGISTER
SIP , SIP CANCEL, BYE
(. 486 Busy Here). ,
. ,
TLS, S/MIME IPSec SIP .
SIP ,
. ,
C, B?.
, SIP
, SIP ,
SIP SIP
. ,
:
nonce , -
,


,
(. IPSec, TLS, DTLS S/MIME)
5.2 - TLS
TLS.
1.1 RFC 4346
( ), ().
: TLS (TLS Record Protocol) TLS (TLS Handshake Protocol).
TLS Record (. ).
(. , )
TLS Handshake , TLS Record.
TLS Handshake /

(. ) . TLS
. ,
TCP SCTP. , UDP
. RFC 4347 "Datagram Transport Layer Security" IETF ,
-.
SIP TLS
SIP RFC- TLS, ,
, ..
, SIPS URI ( SIP SIP
TLS), ,
.
5.2-1 SIPS

SIPS SIP ( ) UDP, TCP


SCTP. - :
URI sips: petar@domain-b.com.
TLS, UDP TCP.
SIPS 5061, 5060.
SIPS, SIP TLS,
, . , TLS
, --.
, SIP
( ). SIPS e AES, 128-
CBC (Cipher Block Chaining )
SHA-1 ( ).
SIPS ,

SRTP (Secure Real Time Protocol). , Sdescriptions


SIPS INVITE .
SDP SIPS INVITE , a=crypto . 5.2-2
.
5.2-2. SIPS SDescriptions crypto

, TLS ( /),
,
SIP . TLS . 5.2-3
.
5.2-3. SIP TLS

, TLS SIP , .
SIP ,
TLS(SSL) (hop)
.
, - -. :
,
.
- ,
.
.
.
, -

. , ,
SIPS,
.
, SRTP, SIP, SIPS.
, , SIP,
. peer-to-peer
SRTP.
TLS
TLS SIP
RTP . ,
.

-
- ,
,
- SSL - -
-
- , (, , VPN)
- ,
IPSec

- PKI SSL
- .
hop (. SIP
)
- TCP SCTP UDP,
UDP. UDP
- DoS TCP RST ( ,
reset). TCP flood (. CPU ),
RSA . , RST
TLS ,
5.3 () - DTLS
RFC 4347, DTLS
TLS ,
, UDP , SIP . TLS ,
hop-.
TLS DTLS , DTLS UDP,
.
TLS Handshake, .
TLS , MAC ( , Message Authentication
Code) . MAC
, . ,
, .
DTLS TLS, :
DTLS ( )

, DTLS .
ClientHello, HelloVerifyRequest
. . ,
ClientHello HelloVerifyRequest ClientHello . 5.3-1

.
5.3-1. DTLS

, HelloVerifyRequest ,
ClientHello.
, DTLS
. , 32
, 32 . 32-
.
, - , RFC
4347 32 . ,
.
DTLS stateless cookies, DoS .
(. ClientHello HelloVerifyRequest), cookie
, ,
. cookie,
ClientHello , cookie.
MD5 secret, IP ,
ClientHello . DoS ,
IP , .
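Added example, not part of the original document: the stateless cookie exchange described above, in which the server derives the cookie from a secret, the client IP and the ClientHello parameters and keeps no per-client state until the cookie comes back. HMAC-SHA256 stands in here for the keyed hash, and the class name, secret rotation and sample values are assumptions of this sketch.

```python
import hashlib
import hmac
import ipaddress
import os

class CookieExchange:
    """Server side of the ClientHello / HelloVerifyRequest round trip."""

    def __init__(self):
        # Newest secret first. This list is the only state the server holds
        # before a client has proven it can receive packets at its address.
        self.secrets = [os.urandom(32)]

    def rotate(self):
        # Keep the previous secret so handshakes in flight still complete.
        self.secrets = [os.urandom(32), self.secrets[0]]

    def _cookie(self, secret, client_ip, hello_params):
        peer = ipaddress.ip_address(client_ip).packed
        return hmac.new(secret, peer + hello_params, hashlib.sha256).digest()

    def on_client_hello(self, client_ip, hello_params, cookie=b""):
        """Return (next message, cookie to send)."""
        if cookie:
            for secret in self.secrets:
                expected = self._cookie(secret, client_ip, hello_params)
                if hmac.compare_digest(cookie, expected):
                    return "ServerHello", b""      # only now allocate handshake state
        # No cookie, or one that does not match this source address:
        # answer with a fresh cookie and remember nothing.
        return "HelloVerifyRequest", self._cookie(self.secrets[0], client_ip, hello_params)
```

A ClientHello sent from a forged source address never sees the HelloVerifyRequest, so it cannot return a cookie bound to that address and the server does no expensive handshake work for it.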
DTLS
DTLS , ,
. ,
. ,
:

- , S/MIME IPSec
TLS
TLS, handshake

DoS , stateless cookies

-, hop-, TLS
PKI
,
hop (. SIP SBC)
5.4 S/MIME
RFC 3851, / (Secure/Multipurpose Internet
Mail Extensions), ,

SMTP SIP. MIME


(.
) (. , ) SMTP SIP.
S/MIME MIME, PKCS ,
(. PKCS#7 , RFC 3852).
(MIME S/MIME)
, , . ,
, .
S/MIME SIP
S/MIME SIP , Via,
, .
TLS DTLS, S/MIME -
SIP . , TLS DTLS
SIP , . S/MIME
SIP , TCP, UDP,
IPSec, TLS DTLS,
. SIP SDP , S/MIME.
5.4-1. SIP S/MIME

, SIP , SDP , .
,
UDP , (. SRTP),
(. , , URL-, ..).
SIP (. From, To, Contact, Via),
. From
, . , Contact
, ,
, .
S/MIME From ,
, ,
, .
. , SIP
S/MIME , , S/MIME.
, S/MIME,
. PKI ,
S/MIME, (. , ,
..).
SIP
SIP ,

TLS, DTLS IPSec. .


SIP , S/MIME 3DES SHA1,
, . RFC 3853, IETF
AES S/MIME SIP . AES - ,
, .
AES 128 .
23 RFC 3261 ,
S/MIME SIP.
S/MIME
S/MIME ,
VoIP .
:

UDP TCP
, SIP
,

,
(. PKI), TLS DTLS.
.
, PKI
5.5
VoIP .
, ,
, .
VoIP :
IPSec: , VoIP
. ,
VoIP .
SRTP: AES (Advanced Encryption Standard)
VoIP .
: , SRTP, , SIP
H.323. SSL, .
SSL: VoIP SSL (SIPS) Stunnel (H.323)
.

5.6 IPSec
IPSec ,
TCP, UDP .
. ,
SIP. IPSec ,
, . 5.6-1 SIP .

5.6-1. SIP IPSec

IPSec ~2.7 IPSec


( 5 6 IPSec ). , Telcordia Technologies
~20 ( ).
,
250ms. , (RTP)
~10 , . , IPSec
,
hop- - ,
.
IPSec ,
, VoIP IPSec VPN .
, IPSec ,
, , . - ,
IPSec VoIP , IPSec
. , IPSec
. VoIP ,
IPSec . ,
, IPSec .
IPSec
IPSec ,
. ,
. :

,
, UDP, TCP, SIP RTP
, , , DoS

, ,

, (.
PKI), TLS DTLS
PKI ,
, VoIP (. VPN
).



5.7 H.323
H.323 ITU, H.225.0, H.245 H.235.x -
. H.225 -, RAS (,
), . H.323
ITU Q.931 . RAS GK
, RAS
GK . RAS
, RAS UDP, UDP, TCP.
, . H.245
,
.
, RTP IP , , (. G.729, G.711) .. , H.225, RAS
H.245 , .
H.235 (
) H.323 , H.245 H.225.0,
. H.235 (v4) H.235.1
H.235.9 . - A A F.
.
5.7-1 H.235

H.235.0

H (H.323 H.245 )

H.235.1

H.235.2

H.235.3

H.235.4

H.235.5

RAS, ,

H.235.6

H.235/H.245

H.235.7

MIKEY + SRTP

H.235.8

Secure RTP,

H.235.9

H.323

H.235 300 400ms, (H.323


).
H.235.0
TLS (RFC 2246/3546) IPSec (RFC 2401
ESP). IPSec
VoIP , , TLS
-. , , H.235 1
9. H.323 (. RRQ
GK) .
H.235 :

H.245
H.245
-,
, H.323 ,
. ,
:
, ,
( ).
, .
, H.225.0
. ,
Diffie-Hellman, .
, TLS IKE.
, H.245, ,
.
H.245, OpenLogicalChannel
OpenLogicalChannelAck. -,
H.245 :
EncryptionUpdateCommand (master)
EncryptionUpdateRequest (slave)
EncryptionUpdate (master)
EncryptionUpdateAck
H.245 ,
.
H.235.1
H.245, H.225.0 RAS
. (hashing)
.
. , NAT (Network Address
Translation) , ( NAT
). HMAC-SHA1-96 20 ,
() . GK ,
,
. , H.225
:
GK (Gatekeeper routed)
, GK.

.
GK.
H.225 (RAS ) ,
- , cryptoTokens, H.235.1
H.225 .
H.235.2
, H.225.0
, SHA1 MD5 (hashing).
- - , H.235.1,
.
RTP ( ).
:

, /




H.225 (RAS
) H.245 .
H.235.3
H.235.1 H.235.2 ,
PKI . H.235.3 ,
VoIP .
GK- ,
gatekeeper, .
, ,
(fast-connect). -, H.245
H.225.0 , .
, H.235.3 :
Hop-by-hop ( H.235.1 7 II H.235.2 7)
(. ,
GK), ,
,

(GKSP Gate Keeper Security Processor).
H.235.4
GK- ,
, .
5.7-1 .
5.7-1. H.235

, .
GK RAS , GK
RAS.
,
. ,
, GK , ,
. :
(DRC1)
I (DRC2)
II (DRC3)

, :
PRF
FIPS 140
,
.
H.235.5 RAS, ,
H.235.5 GK, GK,
RAS , ,
RAS
. GK- , .
:
(SP1),
80 (. NIST SP 800-57)
(SP2), SP1,

SP2 ,
. ,
pointID :
K = Trunc(SHA1(user_password || end pointID), 16)
Trunc(SHA1,16) SHA1 16 .
H.235.6 H.235/H.245
H.235.0 ,
.
. ,
AES, RC2, DES 3DES, OFB (Output Feedback mode, ISO/IEC 10116).
H.245,
.
(. , ),
fast-connect. , DTMF (Dual Tone
Multi Frequency). H.323 DTMF
RTP, SIP MGCP RTP . H.323 , DTMF
RTP ( rtpPayloadIndication), RTP ,
DTMF .
H.323 , :
- - H.323 ( 1 2),
KeySyncMaterial
-
ECNRYPTED

(Diffie-Hellman) . Diffie-Hellman
(RTP) .
DoS (),
RTP , RTP
. ,
. , MAC RTP (.
), ( antiSpamAlgorithm).

5.7-2. H.235.6 RTP anti-spam

RTP ,
. , RTP ,
.
H.235.7 MIKEY Secure RTP, H.235
:
- , gatekeeper-
- (PKI), gatekeeper-
5.7-3 MIKEY H.323 .
8.7.8-1. MIKEY H.323

MIKEY H.245 ,
GK. TerminalCapabilitySet, RequestMode,
OpenLogicalChannel MiscellaneousCommand.
MIKEY H.323 ( )
( ).
,
. , ,
MIKEY H.235.1 hop-.
H.235.8 Secure RTP,
ITU
. SrtpCryptoCapability SRTP
H.323 . ,
genericH235SecurityCapability, encryptionAuthenticationAndIntegrity H.245 .
SrtpCryptoCapability SrtpCryptoInfo,
.
SRTP SRTP SrtpKeyParameters,
SrtpKeys H.245 OpenLogicalChannel . H.235.8
SRTP , SRTP
.

.
H.235.8 AES 128 .
SHA1, 80 32 .
AES f8 128 , SHA1 80 UMTS (Universal Mobile
Telecommunications System).
H.323 SIP.
(early media) ,
, ()
(. ), -
. ,
,
,
H.460.11 .
H.235.9 H.323
ITU H.235.9,
, .
GK , ,
. ,
GK ,
GK , . ,
(. )
.
(. TLS, IPSec)
. ,
(. DES, AES . ) (
64, 128, 192, 256),
, RTP .
,
- .
, GK
.
, GK GW,
H.235.1, H.235.2, H.235.3, H.235.5.
H.235
, ,
VoIP VoIP :

,
(),

, H.235 ,
DoS , --, , ,



- SIP
H.235 , ,

5.8 MGCP
MGCP (Media Gateway Control Protocol, RFC 3435) PSTN
IP IP PSTN. , PSTN
. ,
PSTN . 5.8-1 PSTN .
5.8-1. PSTN

MGCP ,
IPSec . MGCP
.
MGCP
, MGCP:
ACL MGCP
. .
(
) PSTN MGCP .
PSTN IPSec,
PSTN .
MGCP


,
IPSec

,
UDP (. )
5.9
RTP (Real Time Protocol), RFC 3550.
, IPSec RTP, -
, NAT,
PKI. SRTP (Secure Real Time Protocol).
SRTP .
SRTP
SRTP (Secure Real Time Protocol) RTP (RTP, IETF RFC 3550) ,
IETF RFC 3711. ,
(. SIP, H.323, Skinny) (.
MIKEY, SDESCRIPTIONS, ZRTP), SRTP
( ) . RTP ,
RTCP (Real Time Transport Control Protocol) . RTCP

RTP, . RTP, RTCP


.
SRTP ,
, ,
.
SRTP :


. (.
)
, .
, SRTP RTP SRTP
. - SRTP RTP.
,
(. G.711, G.729, H.261, H.264)
RTP . , RTP .
SRTP AES (Advanced Encryption Standard), 128 .
, , IETF
RFC (. RFC 3711 ). SRTP AES f8
UMTS (Universal Mobile Telecommunications System).
. AES SRTP
, .
SHA-1 160 .
(MAC) ()
RTP , RTP ,
(tag) , .
5.9-1. SRTP

SRTP RTP, :
MKI Authentication. MKI (Master Key Identifier)
(. MIKEY), , SRTP (RFC 3711).
(. , SSRC)
,
SRTP, RTP (.
). ,
RTP , - (IP, UDP).
5.9-2 , SDescriptions
SRTP. SDP SIP . SDP crypto
, (AES_CM_128),
(SHA1_32).

5.9-2. , SDescriptions SIP

inline key-info.
:
a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
<crypto-suite> ( , AES
128 SHA-1).
<key-params>,
key-params = <key-method> ":" <key-info>
<key-method>
<key-info> = UlrbLlfNTNw3blKHQVLGze6oHsyFdjGj3NheKoYx
MIKEY, 5.9-3
SIP INVITE , MIKEY SDP .
5.9-3. MIKEY SIP

key-mgmt SDP , MIKEY


.

, RTP SRTP
.
5.9-4. SRTP

RTP , ,
. SRTP AES , DoS ,
. , ,
( )
,
. AES ,
.
SRTP SHA-1 160 (
80 /tag/) ,
. (. )
(. 32 ) ( )
.

SRTP .
SRTP
. ,
SRTP , .
, salt SRTP
SRTCP . , SRTP
salt, .
.
key_derivation_rate, . ,
- ( /master/ ).
. ,
, , -
( ). -
,
, .
(early media)
,
. (early media),
(. VoIP/PSTN). , VoIP ,
(. VoIP/PSTN ), PSTN
,
. . , IETF
MIKEY EKT (Encrypted Key Transport),
.

SRTCP
SRTP, SRTCP /tag/ MKI ,
: SRTCP index encrypt-flag. ,
RTCP . ,
. authentication, SRTCP index encrypt-flag
SRTCP. - , SRTCP SRTP , .
.
SRTP
, (
)
RTP RTCP
AES ( )


-
SRTP
RTP
RTP
,
IP SS7 (PSTN)

.
SRTP (SRTP Security Descriptions)
SRTP Security Descriptions , MIKEY ,
- ,
SRTP (. RTP/SAVP RTP/SAVPF).
- .
crypto SDP.
crypto :
a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
tag /
, , .
crypto-suite , (.
AES_CM_128_HMAC_SHA1_80).
key-params
, inline, ( salt)
key-info. ,
MKI ( ). MKI
SRTP . IETF Security Descriptions
, :
"inline:" <key||salt> ["|" lifetime] ["|" MKI ":" length]
:
key||salt salt, base64
lifetime
MKI:length: MKI MKI SRTP
[<session-params>], /

( RFC ):
KDR SRTP , PRF
UNENCRYPTED_SRTP SRTP
UNENCRYPTED_SRTCP SRTCP
UNAUTHENTICATED_SRTP SRTP
FEC_ORDER (FEC Forward Error Correction),
SRTP
FEC_KEY FEC, FEC /
WSH ,
Extensions
SDP, SIP
MGCP. , (. TLS, IPSec)
,
.
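Added example, not part of the original document: a parser and audit for the a=crypto attribute, following the grammar given above (tag, crypto-suite, inline key||salt with optional lifetime and MKI, session parameters). The function names, the findings text and the signaling_encrypted flag are constructed for illustration; the key used in the tests is the key-info value printed earlier in this chapter.

```python
import base64
import re

# crypto-suite -> (master key bytes, master salt bytes)
SUITES = {
    "AES_CM_128_HMAC_SHA1_80": (16, 14),
    "AES_CM_128_HMAC_SHA1_32": (16, 14),
    "F8_128_HMAC_SHA1_80": (16, 14),
}
# Session parameters from the list above that switch a protection off.
WEAKENING = {"UNENCRYPTED_SRTP", "UNENCRYPTED_SRTCP", "UNAUTHENTICATED_SRTP"}
LINE = re.compile(r"a=crypto:(\d{1,9}) (\S+) (\S+)((?: \S+)*)")

def parse_key_param(key_param, key_len):
    """Parse one 'inline:' key||salt [| lifetime] [| MKI:length] element."""
    method, _, info = key_param.partition(":")
    if method != "inline":
        raise ValueError(f"unsupported key-method {method!r}")
    fields = info.split("|")
    raw = base64.b64decode(fields[0], validate=True)
    lifetime = mki = None
    for field in fields[1:]:
        if ":" in field:                       # MKI ":" length
            mki_id, mki_len = field.split(":", 1)
            mki = (int(mki_id), int(mki_len))
        elif field.startswith("2^"):           # lifetime as a power of two
            lifetime = 2 ** int(field[2:])
        else:
            lifetime = int(field)
    return {"key": raw[:key_len], "salt": raw[key_len:], "raw_len": len(raw),
            "lifetime": lifetime, "mki": mki}

def audit_crypto(line, signaling_encrypted):
    """Parse an a=crypto line and list what weakens the SRTP session."""
    m = LINE.fullmatch(line.strip())
    if not m:
        raise ValueError("not an a=crypto attribute")
    tag, suite, key_params, rest = m.groups()
    if suite not in SUITES:
        raise ValueError(f"unknown crypto-suite {suite!r}")
    key_len, salt_len = SUITES[suite]
    keys = [parse_key_param(kp, key_len) for kp in key_params.split(";")]
    session_params = rest.split()
    findings = []
    for k in keys:
        if k["raw_len"] != key_len + salt_len:
            findings.append(
                f"key||salt is {k['raw_len']} bytes, {suite} needs {key_len + salt_len}")
    for sp in session_params:
        if sp in WEAKENING:
            findings.append(f"session parameter {sp} disables a protection")
    if not signaling_encrypted:
        findings.append("master key sent in cleartext SDP; carry it over TLS or IPSec")
    return {"tag": int(tag), "suite": suite, "keys": keys,
            "session_params": session_params, "findings": findings}
```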
ZRTP
ZRTP , SRTP.
ZRTP
(RTP) UDP , ,
MIKEY SDescriptions. ,
, SIP , .
, ZRTP
. DH (Diffie-Hellman)
, PKI,
, .
, ZRTP , RFC IETF,
.
ZRTP
ZRTP , (RTP)
: Diffie-Hellman - (shared secret).
Diffie-Hellman , ,
ZRTP , , -
.

5.9-5. ZRTP , Diffie-Hellman

, DH ,
, DHPart1 DHPart2
. DH (hvi pvr),
nonce .
ZRTP -- (MITM)
DH --, ZRTP SAS (
, Short Authentication String). SAS
. SAS ,
, V (SAS ).
SAS --.
ZRTP DoS
DoS
. ZRTP, Hello
,
.
ZRTP. -
, RTP
ZRTP.
ZRTP DTMF
, ZRTP RTP , Zfone
DTMF . RFC 2833 DTMF RTP.
- DTMF . ,
, ,
.
, , ,
.

5.9-6. ZRTP DTMF :

ZRTP,
DTMF (. RTP ).
6. VoIP
, VoIP
. VoIP
.
, :


,

, VoIP
. , ,
.
,
, (. /Diameter/),
(. SBC).
6.1
VoIP .
, , , .
, ,
VoIP (, , ). -,
, ,
(, ).
, ,
QoS. - , VoIP
, .

6.2
,
. 6.2-1
VoIP .
6.2-1.

.
,
VoIP (SBC).
, , PSTN , ,
, , VoIP ,
VLAN ( LAN), VLAN
. ,
(ACL).
, SIP, H.323, MGCP Skinny,
,
VLAN . 6.2-1 ACL, SIP VoIP
VLAN .
6.2-1 ACL

CA VLAN (Call Agent)    VoIP VLAN    UDP    5060
VoIP VLAN               CA VLAN      UDP    5060

6.2-3 ACL, MGCP


VLAN .

6.2-2 ACL

CA VLAN (Call Agent)    VLAN       UDP    2427
VLAN                    CA VLAN    UDP    2727

, CA (.
), , (. ,
, ) (.
).
VLAN , PSTN VLAN, VoIP
.
, ACL RTP
UDP , . , 16,384 32,767
, 49,152 65,535 .
, ,
ACL.
6.2-2 ACL VoIP VLAN .
VLAN,
,
.
6.2-2. ACL VoIP

6.3
2 3,
, .
, (..
, DoS ) ,
.
; 2 VLAN , VoIP
VLAN 802.1p/q QoS
VLAN ;
.
6.4 QoS (shaping)
,
.
VoIP

QoS. , ,
.
, AES , , 50 ,
500ms,
. - IPSec 2 10 . TLS , 1.5 .
6.5
.
IP .
: ,
; IP (
); ; NAT ; ;
VPN ; ,
,
.
6.5-1 , VoIP.

6.5-1 VoIP

Skinny                        TCP 2000-2002
TFTP                          UDP 69
MGCP                          UDP 2427
Backhaul (MGCP)               TCP 2428
Tapi/Jtapi                    TCP 2748
HTTP                          TCP 8080/80
SSL                           TCP 443
SCCP                          TCP 3224
Transport traffic             16384-32767
SNMP                          UDP 161
SNMP trap                     UDP 162
DNS                           UDP 53
NTP                           UDP 123
LDAP                          TCP 389
H.323RAS                      TCP 1719
H.323 H.225                   TCP 1720
H.323 H.245                   TCP 11000-11999
H.323 Gatekeeper Discovery    UDP 1718
SIP                           TCP 5060
SIP/TLS                       TCP 5061

, .

. SIP ,
IP ,
STUN , NAT.
, , VPN
VoIP .
6.6 NAT IP
(NAT) - / IP
, NAT . , IP

-, -, (checksum) IP .
TCP UDP , -,
IP , TCP . NAT
.
NAT VoIP, Ipv6
. NAT , H.323 SIP
3 IP .
6.7 (ACL)
(ACL) ,
ACL, ( permit deny)
, / ,
, , . ACL VLAN, QoS
VoIP .
7. VoIP
IDS (Intrusion Detection Systems)
. - IDS
.
,
(.
). ,
.
VoIP ,
.
IDS . ,
VoIP ,
, .
, Snort IDS - ,
SIP , SIP
, , SYN .
IDS :
DoS; (.
)


,
(. ,
, )

, VoIP
, VoIP , . , SIP , SBC.
,
,
, .
, .
, -
.
7.1 - NIDS
NIDS ,
. , ,
, ,
. - IDS

.
,
-
. VoIP NIDS .
NIDS : -
. NIDS
. Code Red, NIMDA, DoS , , ASP
CGI . - NIDS ,
. , ,
, ,
. - NIDS
, . ,
(backdoor) .
NIDS ,
. - , ,

.

NIDS () - ( ) .
.
, ,
, VMWare Xen.
, ,
.
NIDS (
), Ethernet
, .
, ,
,
.
, ,
. 1000 2000 . ,
.
. -
,
. , IDS
.
7.1-1 , NIDS
, . Match IDS Rule
, (. , SIP
) , ,
.

7.1-1. - NIDS

NIDS
. NIDS
. :
IP ,
TCP/UDP ICMP /
IP
TCP
(hex ASCII)
(offset)
,
. ,

, - .
, .
NIDS , ,

. - , ,
, .
( ) .
, -
, - .
, .
,
.
, . ,
.
. - (.
SYN).
, , -
-
. , NIDS
.
, .
.

NIDS

NIDS , ,
.
, .

, , .
IDS ( )
, NIDS Ethernet ,
, - .

,
, SNMP, , SMS , syslog , IM .

,
, SCP
.

NIDS
Nmap Nessus IDS (. NIDS HIDS).

NIDS
, . TCP (resets)

(ACL), . NIDS IPS
(Intrusion Prevention Systems).
,
. ,
, spoof IDS,
.

NIDS ,
, ,
(-
). NIDS
, ,
.
Honeypots Honeynets
Honeypot , ,
. , ,
, . honeypot
,
. Honeynet , honeypot. , honeynet
, , .
NIDS HIDS, ,
honeypot honeynet . IP
, honey-
, IP .
.

7.2 - - HIDS
- (HIDS) ,
. HIDS
, , /
.
HIDS Tripwire, MD5 .
- ,
, .. . HIDS ,
Tripwire, ,
.
, MD5
, , .
HIDS , DoS ,
. HIDS
, , , - .
7.3 log
,
. , , , , ,
,
.
, ,
. MRTG (Multi Router Traffic Grapher
http://people.ee.ethz.ch/~oetiker/webtools/mrtg/) RRDTool (http://oss.oetiker.ch/rrdtool/)
SNMP .
7.4 Syslog
- , syslog
IP syslog . Syslog
, , IEEE
RFC3164, .
UDP/514 ,
,
. Syslog , ,
. ,
, , ,
syslog , .
syslogd (. syslog-ng) TCP -
, / .
Syslog UNIX , MS Windows. -
Windows Kiwi Syslog (www.kiwisyslog.com).
Syslog (ASCII ) , ,
syslog syslog relay. Syslog
/var/log,
/etc/syslog.conf. :
0 Emergency:
1 Alert:
2 Critical:
3 Error:
4 Warning:
5 Notice: ,
6 Informational:
7 Debug: debug / /
VoIP , IP syslog ,
,

.
.
8.
, IP,
VoIP . , -
, .
:
,
PSTN VoIP (. Mtel, BTC ..)
ISP (ISP-VSP) , VoIP
(Cores Networks, ..)
(I-VSP) VoIP ,
VoIP, PSTN
(Hermes phone, inphonex.com, Vonage ..)
- .

TDM , VoIP .
, TDM IP .
(IP ) IMS 3GPP ,
.
PSTN VoIP ,
(POP Points Of Presence), .
VoIP IP VPN ( MPLS).
VoIP
, (. MGCP SIP , IP-PBX, SIP
, H.323 GK). DSL (. T1-OC3,
E1, ), . ,
- ,
.
IP VPN (QoS) - ,
- , VPN .
, VoIP
, .
TDM IP,
VoIP , IP (. VoIP VoIP). IETF
( SPEERMINT) VoIP
.
,
, IP SS7/C7 (
). , VoIP
- (softswitch).
DoS ,
SBC ( ),
.
, ,
(, ).
, ,
VoIP . ,

. ,
VoIP ().
VoIP , VoIP
, ,
. -

, .
ISP
VoIP
. LAN
(//), ,
.
, IP TDM
. VoIP ,
, SBC ,
. ,
TDM , PSTN
. PoP
, IP ,
.
, .
.
ISP-VSP , PacketCable VoIP
(PacketCable DOCSIS [Data-Over-Cable Service Interface Specifications] PacketLabs
1.1.), IP- VoIP, ,
.., 6- IMS, 3GPP (3rd Generation Partnership
Project). IP PSTN
.
, .

VSP .

, VoIP
. Vonage.
,
VoIP . PSTN
- (LEC Local Exchange Carrier)
.
, ,
, .

VoIP ,
,
, , .
.
, .
,
, , ,
, (. , PBX).
DoS
,
, ,
. ( ),
, . ,
, .
, VoIP :


DoS


, .
. ,

. ,
.
MAC , ,
(. ). SIP , SIP .
REGISTER/INVITE
. IP
.
H.323, RRQ.
VoIP
. ,
, .
,
.
DoS - VoIP ,
.
VoIP .
SPIT. , SBC ,
, .
, ,
. 8-1
, .
8-1. NGN (Next Generation Network)

, (BCE Border Control Element)


, . BCE

, . , BCE
3 (. , )
(IP) .
BCE 0 1, .
BCE :
BCE 3 ,
. 2 3
, , - .
, , ,
, .
BCE 2
, ,
, . , 2
. ,
(. DNS, TFTP, BOOTP, DHCP).
BCE 1 , NFS (
), (. Diameter), (. LDAP)
, 2 0. -
(HIDS NIDS) ,
NIDS 1 2
. BCE 1 SSL SRTP ,

.
BCE 0 , (. ,
..) ,
.

BCE, 0. 0 1
(AP-IDS , application intrusion detection),
BCE .
,
VoIP , . :






9.
, VoIP
,
. -
, VoIP
.
IEEE 802.1x ,
.
, ,
VoIP . , 802.1x
, . ,
, MAC .
, VoIP
VoIP ,
. VoIP

VoIP , . .
, .
.
,
, , ,
. ,
, VoIP ,
.
, VoIP .
,
. VoIP
, . / , , ,
.. , , , (.
, , ).
.
VoIP
, .


3DES

, , .
- DES.

3GPP

3rd Generation Partnership Project.


.

AES

Advanced Encryption Standard. , DES,


.

ACL

Access Control List, .

ACK

"ACKnowledge", , ,
.

ARP

Address Resolution Protocol. , TCP/IP, IP Ethernet


.

ASCII

American Standard Code for Information Interchange. ( ),


-. 128 , .

ASP

Active Server Pages

ASN.1

Abstract Syntax Notation One. "",


.

Backdoor , .
BCE

Border Control Element

BOOTP

Bootstrap Protocol. TCP/IP , -


, IP .

BOTNET , .
CA

Call Agent. MGCP.

CAM

Content-Addressable Memory

CBC

Cipher Block Chaining. , - DES ,


, ,
, .

CDR

Call Detail Record. , , .

CGI
Common Gateway Interface. . - Perl,
C++, Java, VBScript.
CID

Caller ID

CIS

Contact Image Sensor

IOS

Cisco Internetwork Operating System. Cisco .

CSRC

auxiliary source sync

Checksum , .
DAI

Dynamic ARP Inspection

DHCP

Dynamic Host Configuration Protocol. IP .

DDoS

Distributed Denial of Service. .

DoS

Denial of Service

DH

Diffie-Hellman. .
, .

DOCSIS Data-Over-Cable Service Interface Specifications PacketLabs


DSL

Digital Subscriber Line. - ,


.

DTLS

Datagram Transport Layer Security. TLS UDP.

DTMF

Dual Tone Multi-Frequency.

DNS

Domain Name Service

E.164

ITU-T , 16 .

ENUM

, IETF, IP , DNS.

FTP

File Transfer Protocol

Fuzzing

GCF

Gatekeeper Confirmation

GK

GateKeeper. H.323 ,
IP , ..

GKSP

Gate Keeper Security Processor

GRQ

Gatekeeper Request

H.323

ITU-T, ,
-

HBA

Host Bus Adapter. .

HIDS

Host-based Intrusion-Detection System. , , .

HTTP

HyperText Transfer Protocol

IAX

Inter-Asterisk Exchange. Asterisk PBX- .

ICMP

Internet Control Message Protocol. 3- , .

IDS

Intrusion Detection Service

IETF

Internet Engineering Task Force. 1986. , ,


, Internet.
(RFC - Request For Comment), ,
.

IP

Internet Protocol

IPSec

IP, .

IKE

Internet Key Exchange. IPSec, IP VPN.

IMS

IP Multimedia Subsystem, NGN 3GPP SIP

iSCSI

Internet Small Computer Systems Interface. ,


SAN(Storage Area Network) NAS (Network Attached Storage) IP .

ITU

International Telecommunication Union. , 1934., - -


, ,
, , .
: ITU-R (), ITU-T ( ), ITU-D
( ). ITU-T CCITT (Comite Consultatif Internationale de
Telegraphique et Telephonique) - 1982. - .

Jitter

LEC

Local Exchange Carrier. , - , .

MAC

Media Access Control. .

MD5

Message Digest version 5 Algorithm. RFC1321,


128 "".

MGCP

Media Gateway Control Protocol. VoIP , ,


- (MGC), CA.

MITM

Man In The Middle.

MIKEY

Mode of Key Distribution in Multimedia Internet Keyring.


SIP RTSP.

NAT

Network Address Translation. , IP


() .

NGN

Next Generation Network, - , VoIP .

NIDS
Network Intrusion Detection Systems. , ,
.
NTP

Network Time Protocol. -.

Packet burst , ,
.
PBX

Private Branch eXchange. .

POP

Point Of Presence. .

PSTN

Public Switched Telephone Network. ITU-T, .

PIN

Personal Identification Number.

PKCS#7 Public Key Cryptographic Standard #7. PKI .


PKI

Public Key Infrastructure. , , , , ,


.

PSAP

Public Safety Answering Point. - , (. . 112).

QoS

Quality of Service

Quad play , Triple play ( , )


.
RAS

Registration, Admissions and Status. H.323.

RAT

Robust Audio Tool

RC2

Rivest Cipher

RFC

Request For Comment. , IETF .

RPC

Remote Procedure Call. , /


.

RRQ

Receive Request

RTP

Realtime Transport Protocol. IETF IP.

SBC

Session Border Controller. - VoIP , -


.
,
. , , .

SDP

Session Description Protocol. RFC2327, IP .


SIP.

SHA-1

Secure Hash Algorithm 1. , 264 160 .

SIP

Session Initiation Protocol. - , ,


.

SPIT

Spam over Internet Telephony

SS7

Signalling System 7. - 64kbit,


, .

STB

Set-Top Box. - ,
. STB IP ,
, .

SCCP

Signalling Connection Control Part Skinny. SS7 ,


, .

SIPS

SIP Secure

S/MIME Secure/Multipurpose Internet Mail Extensions


Spoofing .
Solaris

SUN/Oracle.

SNMP

Simple Network Management Protocol. -


. OSI .

SSL

Secure Sockets Layer. WWW, ,


.

STUN

Simple Traversal of UDP through NAT. , - NAT .

SYN

SYNchronous. TCP - , 6 TCP .


TCP .

Syslog

System log. , PC.

TCP

Transport Control Protocol. -- 4- OSI .

TLS

Transport Layer Security. , RFC2246 IETF.

Triple play , , .
TDM

Time Division Multiplex. , /


, .

Telnet

, .

TFTP

Trivial File Transfer Protocol. FTP, .

UA

User Agent. , .

UDP

User Datagram Protocol. TCP/IP, (datagram-),


.

URI

Uniform Resource Identifier. , , .

URL

Uniform Resource Locator. , , HTTP


.

VLAN

Virtual Local Area Network. ,

.
VoIP

Voice over IP

VPN

Virtual Private Network. , ,


.

VSP

Voice Service Provider

WWN

World Wide Name. -, ATA SCSI .

ZRTP

Z Real Time Protocol. VoIP , Diffie-Hellman


SRTP . .

VoIP
:
Hacking VoIP, 1st Edition, Himanshu Dwivedi
Practical VoIP Security, Larry Chaffin; Jan Kanclirz, Jr.; Thomas Porter; Choon Shim; Andy Zmolek
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures, Peter Thermos; Ari Takanen
Voice over IP Security Alliance, http://voipsa.org
RTP, A Transport Protocol for Real-Time Applications, http://www.faqs.org/rfcs/rfc1889.html
S. Niccolini. VoIP Security Threats, http://tools.ietf.org/id/draft-niccolini-speermint-voipthreats-00.txt
S. Lawrence, Problems with Max-Forwards Processing (and Potential Solutions) IETF Draft, http://tools.ietf.org/html/draftlawrence-maxforward-problems-00
Gibson Research Corporation: Arp Cache Poisoning, http://www.grc.com/nat/arp.htm
D. Shin and C. Shim, "Voice SPAM Control with Gray Leveling," Proceeding of 2nd VoIP Security Workshop
Fraud Analysis in IP and Next-Generation Networks. The International Engineering Consortium, http://www.iec.org/online/tutorials/fraud_analysis/
S. Kent and R. Atkinson. Security Architecture for the Internet Protocol (IPSec). RFC 2401
M. Baugher, D. McGrew, M. Naslund, E. Carrara, K. Norrman. "The Secure Real-time Transport Protocol (SRTP)," IETF RFC 3711
F. Andreasen, M. Baugher, D. Wing. Session Description Protocol Security Descriptions for Media Streams, IETF draft draft -ietf-mmusicsdescriptions-12.txt
J. Bilien, et al. Secure VoIP: Call Establishment and Media Protection. Royal Institute of Technology (KTH). Stockholm, Sweden
J. Arkko, et. al. MIKEY: Multimedia Internet KEYing. IETF RFC 3830
Cisco TLS Implementation Steps, TLS implementation
Avaya TLS Implementation Steps, http://support.avaya.com/elmodocs2/sip/S6200SesSip.pdf
Asterisk SRTP Implementation Steps, http://www.voip-info.org/wiki/view/Asterisk+SRTP
libSRTP, an open source library for SRTP, http://srtp.sourceforge.net/srtp.html
PacketCable, Security technical Report, [PKT-TR-SEC-V01-060406]
PacketCable Architecture Framework Technical Report [PKT-TR-ARCH- ARCHFRM-V01-060406]
Symantec SecurityFocus, http://www.securityfocus.com/archive/1
MITRE CVE database, http://cve.mitre.org
BackTrack 4, http://www.remote-exploit.org
Newtons Telecom Dictionary
