12 Security Assessment(Fuzzy Packet) PBX Network Fuzzy Packet is a tool that is able to manipulates and generates data messages by injecting and capturing packets into a network. Security Assessment Security Assessment Fuzzy Packet soft Its functionality depends in the XML templates which configure the actions to take. Spam Injector Spam Listener Fuzzer Brute Register User Enum Fuzzer ARP ARP Injector XML Templates Functions Its architecture embeds on a Plug- In model, so it provides an easy extensibility to new features. 12
13 <usergenerator> <assignuser>user</assignuser> <assignpass>pass</assignpass> </usergenerator> <string>register sip:pbx-server.com SIP/2.0</string> <CRLF/> <string>from: sip:</string> <variable>user</variable> <CRLF/> <string>call-id: </string> <randomstr> <minlen>5</minlen> <letters/> <numbers/> </randomstr> <CRLF/> Data Generator (Fuzzer) generates REGISTER sip:pbx-server.com SIP/2.0 From: Call-ID: Random user and password generator PlugIn Creates the string followed by carriage return and a line feed Creates the string followed by the result of the python code Creates the string followed by a random string composed of letters and numbers with length bigger that 5 characters Other possible actions Replace Reg. Expressions Repeats blocks Conditionals, probabilities Execution of Python Methods 13
14 Lost Packets Register Reply User Enumeration Captures the replies and generates an authenticate message if necessary Network PBX Authentication Register Packets Generates REGISTER messages and inject them into a network. <sniff> <device>eth0</device> <inject> <packet> <ethernet> <source>..</source> <destination>..</destination> <ip>.. </ip> </ethernet> </packet> <xi:include href="sip/register.xml"/> </inject> </sniff> <filter>udp and port 5060</filter> <capture> <assignvar>msg</assignvar> <continue>callidexist(msg)</continue> <choice> <option> <condition> isuserexists(msg) </condition>.. </option> <option> <condition> isuseracepted(msg) </condition>.. </option> </choice> <continue>isrequiredauth(msg)</continue> <injectreply> <invertpacket/> <xi:include href="sip/auth.xml"/> </injectreply> </capture> Assign the captured packet to the msg variable Check if the Call-ID is in our list of msg Check if Status-Code is 100 Trying. Add to a priority list Check if Status-Code is 200 Ok. User accepted by the Server An Authentication challenge is required, so it inject a reply message for it 14
15 A RPT MSG B INVITE B RPT MSG A OK A RPT Listening Sniffed Codecs Sniffed Codecs RPT sniffed Sniffing Codecs Spam Injection RPT MSG B INVITE B RPT MSG A OK A RPT SPAM Injection B <capture> <assignvar>msg</assignvar> <choice> <option> <condition>isinvite(msg)</condition>.. </option> <option> <condition>isok(msg)</condition>.. </option> </choice> </capture> Listening RPT packets <pycode>rtp = RTPPackets()</pycode> <pycode>rtp.startreading()</pycode> <sniff> <device>eth0</device> <filter> <string>ip src net </string> <variable>called_ip</variable> <string> and udp and src port </string> <pycode>called_rpt_port</pycode> </filter> <capture> <assignvar>msg</assignvar> <pycode>rtp.listencurrentpacket(msg)</pycode> </capture> </sniff> <pycode>rtp.stopreading()</pycode> Injecting Spam <pycode>rtp = RTPPackets()</pycode> <pycode>rtp.openfile(codecs,"test.wav")</pycode> <pycode>rtp.startreading()</pycode> <sniff> <filter>..</filter> <capture> <assignvar>msg</assignvar> <pycode>rtp.setrtpfields(msg)</pycode> <injectreply> <pycode>rtp.getcurrentpacket()</pycode> </injectreply> </capture> </sniff> <pycode>rtp.stopreading()</pycode> 15
16 who who is C? is A? ask A B & C A SWITCH SWITCH ARP Injection (achiving man in the middle ) who is B? ask A this is C who is C? this is C ask A B C We want to see all the packets from a Computer A. Reply the ARP Request send by every computer involving the IP of A. To computer A: every IP go through the intruder To other computers: A's IP goes through the intruder Still, we want to renew the cache before they send a Request message, so we can send ours, once in a while to ensure they send all packet through our the intruder 16
17 Demo PBX DHCP TFTP TestBed ARP Injector Injects ARP packets into the caller in order to be in the middle of every packet it send. SWITCH Spam Injector Injects RTP packets (a recorded message) into the called party conversation. Called party Caller party Listener Capture RTP packets from the called party conversation and play them in the current computer. User Enum Try to register (brute force) in the PBX by injecting and capturing packets in the network. 17
11/2010 Versie 1 About This Guide Thank you for choosing the tiptel IP 28xs which is especially designed for power users in the office environment. It features fashionable and sleek design, abundant telephony
About This Guide Thank you for choosing this Enterprise IP Phone which is especially designed for power users in the office environment. It features fashion and sleek design, abundant rd telephony applications,
www.voicesonic.com Phone: 877.289.2829 Administrator Guide SIP Cordless Phone Model No. KX-TGP500 KX-TGP550 Thank you for purchasing a Panasonic product. Please read this guide before using the unit and
Technical Bulletin 43565 Using Polycom SoundPoint IP and Polycom SoundStation IP Phones with Asterisk Introduction This document provides introductory information on how to use Polycom SoundPoint IP phones
IceWarp Unified Communications VoIP Service Reference Version 10.4 Printed on 13 April, 2012 Contents VoIP Service 1 Introduction... 1 The Big Picture... 4 Reference... 5 General... 5 Dial Plan... 7 Dial
User's Manual (English) SIP-telephone with answering machine and system functions* tiptel 83 VoIP * only in connection with tiptel.com 410-811 tiptel About this telephone Safety Notes This telephone can
WS290 WIFI IP Innovative VoIP Phone User Manual Co.Ltd INDEX 1. Getting Started... 4 About... 4 Feature Highlights... 4 2. Set up the Phone... 4 3. Phone User Interface... 6 3.1 Hardware Component Instructions...
TalkSwitch User Guide Version 7.11 TalkSwitch User Guide Version 7.11 25 April 2012 26-711-169058-20120425 Copyright 2012 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard, are registered
IceWarp Unified Communications Reference Version 11.1 Published on 11/4/2014 Contents... 4 About... 5 The Big Picture... 7 Reference... 8 General... 8 Dial Plan... 9 Dial Plan Examples... 12 Devices...
3CX Phone System Cloud Server Administration Manual Copyright 2013 2014, 3CX Ltd. http://www.3cx.com E mail: firstname.lastname@example.org Information in this document is subject to change without notice. Companies names
I Table of Contents Part I Introduction 1 Part II Requirements 1 Part III Installation 2 1 Power... Adapter 3 2 Power... over Ethernet (PoE) 3 3 IP Address... 3 4 Factory... Settings 3 4 Part IV Registering
Fanvil Product User Manual IP Phone Model: C58/C58P Version: V.184.108.40.206 2005 Fanvil technology Co., Ltd All rights reserved. This document is supplied by Fanvil Technology Co., Ltd, No part of this document
Genesys 420HD IP Phone with Genesys SIP Server Configuration Guide The information contained herein is proprietary and confidential and cannot be disclosed or duplicated without the prior written consent
FortiVoice Version 7.00 VoIP Configuration Guide FortiVoice Version 7.00 VoIP Configuration Guide Revision 2 14 October 2011 Copyright 2011 Fortinet, Inc. All rights reserved. Contents and terms are subject
Network And Internet Management Services VoIP Products Guide Contents Contents... 2 1. What is VoIP?... 5 Why choose VoIP?... 5 2. What VoIP products do we offer?... 5 VoIP EasyAccess... 5 VoIP Express...
The owner friendly phone system for small business VoIP Network Configuration Guide Release 7.10 Copyright 2011 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager,
snom 320 VoIP Business Phone Manual 2005 snom technology AG All rights reserved. Version 1.00 www.snom.com snom technology AG Gradestr. 46 12347 Berlin, Germany 2005 snom technology Aktiengesellschaft.
Voipswitch Manual for version 340 and higher by Gabriel Georgescu 1 OVERVIEW 3 SOFTSWITCH 4 REQUIREMENTS. 10 PROGRAM INSTALLATION. 10 LAUNCHING THE MAIN APPLICATION VOIPSWITCH 12 GATEWAYS 18 GK/REGISTRAR
VoIP communication AX210 IP Telephone System User Manual 1 AX210 Menu Getting Started... 3 Introduction... 4 Packing list... 5 Specification... 5 Hardware setup... 6 First Login to Wizard... 7 Extension...
3300IP-TRM VoIP Phone User Manual TeleMatrix, Inc 1 1 Introduction...5 1.1 Overview of Hardware...5 1.1 Overview of Software...5 2 Keypad of 3300IP-TRM...6 2.1 Function Table of Keyboard...6 2.2 Keyboard
Getting Started Guide Cloud Server powered by Mac OS X Getting Started Guide Page 1 Getting Started Guide: Cloud Server powered by Mac OS X Version 1.0 (02.16.10) Copyright 2010 GoDaddy.com Software, Inc.
Configuring Skype for Business using Grandstream CPE Devices Thank you for your interest in configuring Grandstream s SIP devices for Skype s SIP Trunking Service. This document describes the basic configuration
GO!NotifyLink ActiveSync Solution for ios Devices User Guide GO!NotifyLink ActiveSync Solution for ios Devices: iphone, ipod touch, ipad, ipad mini What s in this document This document: Lists software