[asterisk-users] Security tests

[Daniel Bareiro]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Steve.

On Fri, Apr 23, 2010 at 22:38:49 -0300, Steve Totaro wrote:

>> Perhaps it was not very clear, but yes, I was talking about this. I
>> believe that I found the cause of the problem. The cause by which I
>> was not seeing VoIP traffic between 10.1.0.38 and 10.1.0.65 is
>> because there is no direct traffic among them but that is between
>> each party and the Asterisk server :-) So using ettercap with de IP
>> of Asterisk server and 10.1.0.65 I can now capture and play calls
>> from this IP to 10.1.0.38 or vice versa.
>>
>> But I'm noticing that playing from Wireshark it can be heard delayed.
>> Is it normal to happen?
>>
>> On the other hand, I had to change the order of preference of the
>> codecs in the sip.conf so that G711 is preferred over GSM, because it
>> was configured in a reverse order of preference and I see that the
>> RTP player of Wireshark does not support GSM. Do you know any way to
>> play GSM directly from the captured packets?
>>
>> > How did you place your virtual "listening" machine into the
>> > network, is it connected to an old hub, or a switch, or the
>> > mirroring port of a switch, or does it use the same NIC (and
>> > computer) as the softphone?  You will first need to get "in
>> > between" the two endpoints in order to be able to capture that
>> > point-to-point RTP traffic - there are "normal" and "malicious"
>> > ways to achieve that.
>>
>> I have a switch that connects to the phone (10.1.0.38), PC with
>> softphone (10.1.0.65), the Asterisk server and a VMHost that has the
>> virtual machine where I use ettercap and tcpdump.

> Check out *Cain* & *Abel* http://www.oxid.it/ and OrecX
> http://www.orecx.com/web/products-orekagpl.php.  Oreca will run just
> fine on your Asterisk box.

I had read something about Cain & Abel. I will try reproducing the
capture in an equipment with Windows using Cain & Abel because here, in
my house, I only have GNU/Linux and OpenBSD. About the delayed
reproduction on Wireshark, is it something that also you have
experimented?

> I am not sure what kind of security audit you are trying to do.  What
> you propose is simple and simply the way things work, it is not
> security.

This is initially for an presentation about security in the course of
Distributed Systems. My idea was to speak on attacks and countermeasures
in VoIP.

On the other hand, they are asking to me to make a practical
demonstration of the countermeasures. Although a direct form to avoid
this is using VLANs, it seems that the idea is to demonstrate the
countermeasures with some software. Then I was thinking about trying,
for example, SRTP or SIP over TCP/TLS. Do you have implemented it on
Asterisk 1.4? In such case, could you recommend some good document on
this matter? I'm using at the moment Asterisk 1.4.24.1.

Thanks for your reply.

Regards,
Daniel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkvdgVkACgkQZpa/GxTmHTfukwCgg3hf2mBvZHXqiEjk2JAvI1dW
+6sAoI/bDWWfEeWvY9InSO1Pi0381uNu
=hHoH
-----END PGP SIGNATURE-----