Overlooked VOIP Security Features

Make sure you enable these features, or I am going to get you!

I am a wanker when it comes to VoIP. I am not a huge VoIP fan. Nope. Not much at all. When I was growing up, phreaking never really appealed to me. I remember tripping my first 5ESS and thinking not "that is cool" but "so what". Kind of odd, because VoIP has all the elements I love in engineering. It has lots of parts, separate protocols, programming elements, high end-user satisfaction, tons of scalability and lots and lots of tweakable elements. All the stuff in the Jimmy Ray book of weekend fun. But to me, all I see is a big target for attack and embarrassment on my data network.

I am a wanker, Local 214. Voice is a great career path, most likely one of the absolute best for now. Although, I believe the real money/opportunity is going to be in Data Center. As a matter of fact, many of the resellers I meet with weekly tell me they cannot hire enough voice certified specialists. They are begging for them and trying to steal them from others all the time. So as a career path, Voice is top shelf. I know that and I hear that and I understand that, but while I study for my final CCVP exam my mind is drifting to the astral planes of double VLAN tag hopping, eavesdropping and toll jacking.

Toll jacking. Hmmm...(pinky finger to corner of mouth) seems to me that is a fairly reasonable vector into a voice network. Taking human behavior into account here, I am going to assume (dangerous, I know) that many VOIP networks are config’ed by data folks interested in Voice and not the other way around. Some of the old school phracky-phrack stuff could come in handy here. This could mean I have a vector into the network to make free phone calls...If I would have only had this when Sanjaya was on Idol... So I grabbed my Blue Box and, with permission (Note to Cisco Legal), I tested five VOIP networks and I was able to dial out and get free calls through three networks!
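Here is how I did it:

Hack 00x01: Cleaning Crew Phone Perk

Hey, let's face it, I am 44 years old, a bit fat and a bit chubby. The days of climbing over fences, going through windows or hanging from cables in the ceiling are long gone for me. I need to get into the network through a door or a network cable. So I waited for the cleaning crew to arrive, grabbed my beat-up red toolbox and went in the front door with everyone else, just acting like I knew where I was going and that I belonged there. It helps to walk "and talk" with someone, because most people do not want to interrupt your discussion. Oh, I also took an old hotel key card, turned it sideways and put it on a badge retractor so I looked the part. No questions asked! I walked in, picked up a phone in an out-of-the-way spot, dialed "9" and the two-stage dial tone click from the PBX told me victory was mine! 01149611...... All too easy... (in my best Darth Vader voice)

How we fixed it:

Chances are not many people are going to go to this length to dial a few numbers. But for sure an after-hours worker could make a few calls now and again and slide under the radar. The fix for this is simple: we config’ed up an After Hours Toll Restriction policy in the CM like this:

    telephony-service
     after-hours block pattern 1 91
     after-hours block pattern 2 9011
     after-hours day mon 20:00 07:00
     after-hours day tue 20:00 07:00
     after-hours day wed 20:00 07:00
     after-hours day thu 20:00 07:00
     after-hours day fri 20:00 07:00
     after-hours day sat 10:00 07:00
     after-hours day sun 12:00 12:00

This policy blocked outbound dialing of long distance calls with pattern 1 and international calls with pattern 2, Monday to Friday from 8PM to 7AM, on Saturday from 10AM to 7AM and all day on Sunday. This is low level logic blocking and worked just fine for this customer. You can get more detailed higher logic blocking with a Class of Restriction policy if need be.

Hack 00x02: Rogue PBX

People are looking for faster ways to get a VOIP system to start paying for itself. Justifying VOIP savings is like trying to justify the savings from better security. Oh sure, we techie types know the real savings and the real **** saving grace, security and in-house management that VOIP provides. The problem is that Poindexter in the accounting department does not see it. Using the Internet as a trunk provider really does deliver a lot of cash savings on the back end. The problem is that many SIP/H323 trunks are configured incorrectly and will allow unrestricted access to your phone system. In fact, there is a huge business in setting up rogue PBXs that steal your service and then resell the trunk access to unsuspecting providers all over the world. This hack is very popular in Africa.

First, I scan your network with NMAP and the -sV switch, looking for TCP or UDP port 5060 (SIP) and TCP port 1720 (H323). I also look for SIP REGISTER messages sent to 224.0.1.75, and if I get a hit on one of them, I run SIPScan to enumerate more information. I used to use SIPsak here, but SIPScan is really a better tool to me. Then I just take a simple SIP ready phone and try to connect it to the PBX. It is AMAZING how many times this works. If the PBX is outside of the firewall, which in this case is exactly what the config was, I have unlimited access. Other methods include relaying SIP messages, similar to what is done on an open email relay for spam.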
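SiVus is a great tool for crafting packets to do that. Of course you can also install and config a SIP B2BUA like SIP_Rogue, but it is not for the faint of heart for sure. This tool was coded by VOIP ultra geek Mark Collier. (Check out his company and smokin' hot website http://www.voipsa.org/Resources/tools.php) The config is tough and a bit unstable, but when it works, man alive, it is a fantastic tool.

How we fixed it:

Fortunately for us Cisco types, the CM config by default does not accept calls from anonymous sources, only from pre-configured SIP proxy servers. But if you want to double check, or you are on an older release, get into the CLI and enter this command set:

    interface serial 0/2
     ip access-group 111 in
    access-list 111 permit udp host eq 5060 any
    access-list 111 permit udp host

Your SIP trunk provider also needs to work with your team to let you know when any changes happen on their end. It sounds simple, but in reality many hacks result from poor communication between the provider and the customer on the CPE side.

Toll fraud is huge and growing faster than weeds in a garden. Please read Cisco's paper on preventing toll fraud: http://www.cisco.com/en/US/products/sw/voicesw/ps4625/products_tech_note09186a00809dc487.shtml. One of the best ways to guard against toll fraud is to look at your call logs. Phone systems keep better records than a crazy spouse. Calls to Cuba should raise immediate suspicion. These are very expensive and very desirable for hackers to resell. Calls coming in from Brazil are also a trigger, with auto-dialers looking for IVRs (since many do not hang up) and using DNIS codes on your end.

The famous South American general Simón Bolívar was not only a serious liberator, he also had the coolest name: Simón José Antonio de la Santísima Trinidad Bolívar y Palacios.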
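
The call-log review recommended above, as an added example that is not from the original post: a short Python audit that flags toll calls placed inside the after-hours windows of the policy shown earlier, plus any call to Cuba. The record format, extensions and numbers are constructed; the block patterns are assumed to match as leading dialed digits, and 901153 assumes a 9 outside-line prefix followed by 011 and Cuba's country code 53.

```python
from datetime import datetime

# Page's after-hours windows by weekday (Mon=0); stop < start runs into the next morning.
WINDOWS = {day: ("20:00", "07:00") for day in range(5)}
WINDOWS[5] = ("10:00", "07:00")  # sat
WINDOWS[6] = ("12:00", "12:00")  # sun: the page describes this as all day
BLOCK_PREFIXES = ("91", "9011")  # assumption: patterns match leading digits
CUBA_PREFIX = "901153"  # assumption: 9 for an outside line, 011, country code 53

def _minutes(hhmm):
    hours, mins = hhmm.split(":")
    return int(hours) * 60 + int(mins)

def in_after_hours(ts):
    """True inside today's window or the tail of last night's."""
    now = ts.hour * 60 + ts.minute
    start, stop = map(_minutes, WINDOWS[ts.weekday()])
    if start == stop:  # all-day block
        return True
    today = start <= now < stop if start < stop else now >= start
    y_start, y_stop = map(_minutes, WINDOWS[(ts.weekday() - 1) % 7])
    return today or (y_start > y_stop and now < y_stop)

def review(cdr_lines):
    """Return (extension, dialed, reasons) for calls worth a second look."""
    findings = []
    for line in cdr_lines:
        stamp, ext, dialed = line.strip().split(",")
        ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        reasons = []
        if dialed.startswith(BLOCK_PREFIXES) and in_after_hours(ts):
            reasons.append("after-hours toll call")
        if dialed.startswith(CUBA_PREFIX):
            reasons.append("call to Cuba")
        if reasons:
            findings.append((ext, dialed, reasons))
    return findings

# Constructed sample records: timestamp,extension,dialed digits
SAMPLE = [
    "2009-06-15 14:02,2104,912145550123",      # Mon, business hours
    "2009-06-15 21:14,2117,912145550123",      # Mon night
    "2009-06-16 03:30,2117,9011496115550100",  # Tue before 07:00
    "2009-06-17 10:45,2130,90115375550100",    # Wed, business hours
    "2009-06-21 09:00,2104,95551234",          # Sun, local call
]

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

Toll calls that show up inside a blocked window mean the restriction is missing or not applied on that trunk, and an extension that appears repeatedly is the first place to look.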

Copyright © 2009. Raybet2
