Fuzzing PJSIP and chan_skinny, vulnerability information and advisories

Published on May 23, 2017

In the recent past, Alfred Farrugia and I started looking at fuzzing open source VoIP projects such as Asterisk, FreeSWITCH and Kamailio and their dependencies. Our internal Enable Security project was given the unimaginative name of rtcfuzz and, by now, we are making use of a combination of public tools like American Fuzzy Lop and Radamsa, together with our internal tools …And is, of course, giving us some good results. We reported three issues to Digium, two of which actually affect PJSIP and one of which affects chan_skinny.…

New Mascot and Tshirts!! and .. Kamailio World 2016 - 9 Years Of Friendly Scanning And Vicious SIP

Published on May 24, 2016

On the presentation

Last week I had the pleasure of presenting something new at Kamailio World 2016. Great community and excellent feedback! The presentation went through the following:

- How and why SIPVicious was originally written and published
- Those strange emails and phone calls asking for special version ;-)
- RIPE’s 1.1.1.0/24 experiment and how it was interesting in terms of SIP security
- Sality pushing modified versions of SIPVicious
- Attackers making use of insecure Tandberg systems to install SIPVicious
- SVCrash - why it was published and how it worked
- Security updates from the VoIP and PBX industry
- Rewriting SIPVicious (various fails)
- What happened since then and what I’ve been using during VoIP pentests that involve SIP
- 2016, yet another rewrite on the way
- New features in this latest rewrite attempt and how they show some important security issues

Some parts were sped up due to the limited time that I had for my presentation, but I think the main points were delivered.…

Time flies! A summary of updates for the past few years and Kamailio World!

Published on May 13, 2016

I just realised that I have not updated this blog in ages, even if we have done some really cool stuff with SIP during that time. Unfortunately, many of the specifics are (to a certain extent) behind non-disclosure agreements. However, here is a list of stuff that happened that has to do with SIPVicious (or not):

- There was a release back in 20121210, v0.2.8
- Like everyone else, we moved to Github…

If SIPVicious gives you a ring…

Note: SIPVicious version 0.28 is out, go get it. I like to keep an eye on social media and Google alerts for SIPVicious, and in the last few months I noticed a rise in mentions of the tools. Specifically, a number of Korean Twitter users (who have their service with KT, a VoIP service provider) were complaining about receiving a call from a caller-id showing ‘SIPVicious’. After contacting a Korean friend, this led to an interview by a reporter for an article that was published on a Korean tech news site, Boan News.…

SIPVicious 0.2.7 released and rewrite coming up, looking for testers!

Published on Feb 22, 2012

Get it now! This is the last release in the 0.2 series which fixes a number of stability issues and bugs before moving on to a total rewrite. Are you a SIPVicious user? Get in contact if you have a VoIP lab or simply want to test the rewrite of SIPVicious. The internal version already includes support for TCP, TLS and IPv6 ;-) The changelog for this one:

- Feature: svcrash.py has a new option -b which bruteforces the attacker’s port
- Feature: svcrack.…

Asterisk forensics: the logs vs the attackers

Published on Jan 2, 2012

Recently I had the opportunity to present on VoIP insecurity around various conferences this year, on my own and also with Joffrey Czarny. At Secure 2011 we had a one-day workshop and one of the things we showed was the effect of a typical SIPVicious attack on an Asterisk box. The following videos (best seen in full screen and high quality) illustrate what happens. When we run svmap.py, nothing usually shows up in the Asterisk logs.…

VOIPPACK updated to v1.4

Published on Jan 25, 2011

Quick note, VOIPPACK now includes support for Cisco Call Manager and more tools to break that Asterisk PBX (FreePBX / Trixbox focus). The blog post on EnableSecurity includes more details.…

11 million Euro loss in VoIP fraud .. and my VoIP logs

Published on Dec 14, 2010

And the attackers made over 1 million in profits. This just emerged from a raid (and hearing apparently) in Romania and other countries. The two main persons being fingered are Catalin Zlate and Cristian Ciuvat. It seems that they were scanning for PBX servers with phone extensions that have weak passwords. Then they abused these accounts to make phone calls for “free”, except that free has the price of 11 million EUR for the victims!…

Distributed SIP scanning during Halloween weekend

Published on Nov 4, 2010

Over the last weekend there were a number of reports of VoIP (especially Asterisk) servers that were “under heavy attack”. I have looked at some packet traces and noticed how the SIP messages look very similar to the ones generated by SIPVicious, especially svwar.py. In fact, I think this is a modified version of SIPVicious that is being distributed on a botnet. Take a look at the following message generated by these new scans:…

AstriCon roundup and vendors adding security features

Published on Oct 29, 2010

So I’ve finally been to AstriCon and I noticed a greatly increased interest amongst the attendees with regards to security, fraud and “hacking”. The slides for my presentation titled “Just how vulnerable is your phone system” can be downloaded from this location. So what are the changes and additions from the software developer’s side?

- Asterisk 1.8 has been released touting TLS support for SIP and SRTP support too, plus a framework to make auditing easier
- 3CX have released a major security update with features to make it easier to set proper passwords
- I just received an email from Brekeke highlighting their security page on their wiki which was originally published on March 11, 2009

What accounts for these changes?…
