한국어

소프트스위치

온누리070 플레이스토어 다운로드
    acrobits softphone
     온누리 070 카카오 프러스 친구추가온누리 070 카카오 프러스 친구추가친추
     카카오톡 채팅 상담 카카오톡 채팅 상담카톡
    
     라인상담
     라인으로 공유

     페북공유

   ◎위챗 : speedseoul


  
     PAYPAL
     
     PRICE
     

pixel.gif

    before pay call 0088 from app


http://nicerosniunos.blogspot.kr/2012/05/flooding-asterisk-freeswitch-and.html


Flooding Asterisk, Freeswitch and Kamailio with Metasploit

Hi, it has been a long time since my last post because of my new job and my final year project ("VoIP denegation of service attacks" for curious) but there is something I found during my tests with FreeswitchKamailio and Asterisk that I want to share.
NOTE: Really, guys of Security By Default blog published us (my good friend Roi Mallo and me) two articlesabout how to develop modules for Metasploit framework, another two are coming.  ;)

During my project, among others, I developed a Metasploit module which can flood SIP protocol with common frames (INVITE, OPTIONS, REGISTER, BYE), I wrote it at Quobis (nice job ;) in order to use it for some private tests because actual software didn´t fit our needs, so we are going to probe how is the behavior of different GPL VoIP servers against this kind of attacks:
- Asterisk: I think it needs no introduction, the famous softswitch/PBX software.
- Freeswitch: It´s a newer softswitch that seems to be Asterisk replacement and I really like.
- Kamailio (former OpenSER): It is the most known GPL SIP proxy.
Virtual machines
First of all I want to be clear about two things:
- Test were made without any protection on the server side, in a real environment we shoud find (in theory xD) something like Iptables, Snort, Fail2ban, Pike or a propietary Session border controller in large arquitectures. Anyway, it should be enough for this proof of concept.
- Asterisk and Freeswitch are PBX software, they were not designed to run between the limits of the infrastructure and Internet, although they are usually placed there. In fact, one of the reason of this post is to show the importance of using a SIP Proxy because of security and performance reasons.

Next pictures show an example of the Metasploit module use and generated traffic, we will use the same attack against differents IPs, so I´m showing it once only:
Module use and config
Captured traffic
I chose INVITE packets because they are much more effective against all kind of SIP devices and TIMEOUT to 0 trying to get more traffic. Then, the results:
NOTE: With Wireshark filter "sip.Method==REGISTER or sip.Status-Code==200 and !sdp" we can see if a softphone (Jitsi in this case) could be registered , this way we can confirm if tested software losts some REGISTER packages under attack.
Metasploit vs. Asterisk

Metasploit vs. Freeswitch
 

Metasploit vs. Kamailio

Pictures show how Metasploit module can flood both Asterisk and Freeswitch, but not Kamailio. Moreover, Asterisk lost REGISTER packets under the attack and Freeswitch did "strange" things answering with a lot of "200 OK" responses. This problem would be much more important in a real environment with hundreds of phones trying to register at the same time.

As conclusion we can confirm the use of Kamailio (I think OpenSIPS or another SIP Proxy would reach the same results) as frontier with "the wild". In addition we can also use Pike module for DoS protection and we could suppose that it would respond to a high volume of traffic in a better way than other two alternatives. To sum up I would like to remark that we can see Kamailio creates different forks to manage connections, this seems to be the key of its good performance. But next times I will show how to flood Kamailio with better results and the countermeasurements to protect yourself against it. ;)

조회 수 :
103320
등록일 :
2013.04.06
22:36:46 (*.160.42.88)
엮인글 :
http://webs.co.kr/index.php?document_srl=19768&act=trackback&key=6fb
게시글 주소 :
http://webs.co.kr/index.php?document_srl=19768
List of Articles
번호 제목 글쓴이 날짜 조회 수sort
82 Presence Tutorial OpenXCAP setup admin 2014-08-18 42160
81 OpenSIPS , default script , Types of Routs , Routing in SIP, Video lecture admin 2014-08-13 41919
80 MediaProxy 2.3.x & OpenSIPS 1.5.x Integration admin 2014-08-24 41770
79 A lightweight RPC library based on XML and HTTP admin 2014-08-18 41657
78 Opensips install debian admin 2014-03-03 41596
77 A Survey of Open Source Products for Building a SIP Communication Platform admin 2014-10-18 41574
76 Real-time Charging System for Telecom & ISP environments admin 2014-08-23 41547
75 SigIMS IMS Platform admin 2014-05-24 41192
74 opensips-1.10.0_src.tar.gz experimental source code documentation admin 2014-03-09 41190
73 [Sipdroid] SIP data collection study tour admin 2014-08-23 40916
72 UAC Registrant Module admin 2014-09-28 40826
71 Multimedia Service Platform admin 2014-03-06 40631
70 CANCEL MESSAGE not handled correctly admin 2014-08-23 40469
69 MediaProxy Installation Guide admin 2014-08-10 40469
68 OpenSER_from_an_asterisk_POV file admin 2013-04-06 40419
67 OpenSIPS Kick Start‎: VIDEO admin 2013-02-20 40171
66 A2Billing and OpenSIPS config admin 2014-10-20 40024
65 OPENSIPS EBOOK admin 2014-08-21 39788
64 Under RHEL6.5 install OpenSIPS 1.11.1 tls admin 2014-08-12 39756
63 fusionPBX install debian wheezy admin 2014-08-09 39376
62 opensips.cfg for Asterisk admin 2014-10-20 39284
61 OpenSIPS/OpenSER-a versatile SIP Server cfg admin 2014-08-11 38891
60 opensips NAT Traversal Module admin 2014-10-02 38871
59 kamailio.cfg configuration Example admin 2014-10-04 38674
58 opensips Nat script with RTPPROXY - English Good perfect admin 2014-08-15 38619
57 OPENSIP Training VIDEO admin 2013-02-20 38476
56 [OpenSIPS-Users] Opensips 1.10 NAT radius aaa admin 2014-08-23 38079
55 OpenSIPS as Homer Capture server admin 2014-08-13 38034
54 Kamailio Nat Traversal using RTPProxy admin 2014-08-11 37906
53 Configuracion de Kamailio 3.3 con NAT Traversal y XCAP. admin 2014-08-12 37868