TECHtionary.com TECH-TIP - VoIP Testing Is About \"Fuzzing\" - Part 1 of 2 available at www.techtionary.com

    /24-7PressRelease.com/ - May 23, 2005 - Before and after installation a VoIP system various tests should be completed. In addition, there are certainly other tests such as functional protocol testing called fuzzing that should also be completed. While there are examples of security attacks such as DOS, IP-Sec and others located throughout TECHtionary, in this TECH-Tip here are two animated examples of how VoIP attacks can occur. One is MIM-Man-In-the-Middle attack. Another example is a SIP attack. In other words, since SIP is a common set of communications protocols attacks or intercepts will be prevalent.



---- More Details Covered in the Tutorial



Here are some of the kinds of attacks that your VoIP system should be designed and tested to protect against:

- Toll Fraud - the IP version of the classic attack by a person impersonating an employee or Console Cracking (asking the operator for an outside trunk) to make long distance calls. However, the attacker impersonates a valid user and IP address by plugging in their phone or spoofing the MAC ethernet address.

- Eavesdropping - the attacker sniffs (taps into the LAN wireline or WiFi connection) to intercept voice messages. Easily available programs such as VOMIT-Voice Over Misconfigured Internet Telephony perform this function.

- Call Hijacking - attacker spoofs a SIP Response redirecting the caller to a rogue SIP address and intercept the call.

- Resource Exhaustion AKA-Also Known As DOS-Denial Of Service attack. This attack reduces the number of available IP addresses, bandwidth, processor memory and other router/server functions.

- Message Integrity - MIM-Man-In-the-Middle attack to intercept, alter or redirect call.

- Message Type attacks - attacker bombards (repetitive) SIP server with BYE or CANCEL messages or ICMP-Internet Message Control Protocol "port unreachable" messages.



Part 2 will explain various types of VoIP systems and different security formats. In Part 2, there are detailed animations on:

- Proxy/Gateway/SBC-Session Border Controllers In/Outside the Firewall

- Proxy/Gateway in Co-Edge Mode

- Proxy/Gateway Outside the Firewall

This tutorial will review these formats and risks associated with them. For example, when a firewall provides NAT between an internal and an external network, proxies may allow VoIP traffic to be processed properly, even in the absence of a firewall that can translate addresses for VoIP traffic. Since VoIP is not the only type of data traffic and since each customer situation is completely different, guidance from the VoIP/IT designer is essential.

About TECHtionary.com - 303-444-6226
TECHtionary Corporation founded in 2001 and headquartered in Boulder, Colorado is the World's First and Largest Animated Library on Technology. Get the this analysis and more than 2,550 tutorials on data, internet, wireless, VoIP-Voice over Internet Protocol (internet telephony), PBX systems, central office switching, protocols, telephony, telecommunications, networking, routing, power systems, broadband, WiFi-Wireless Fidelity and other technologies, TECHtionary.com provides "just enough - just-in-time" critical success information.

# # #