한국어

소프트스위치

온누리070 플레이스토어 다운로드
    acrobits softphone
     온누리 070 카카오 프러스 친구추가온누리 070 카카오 프러스 친구추가친추
     카카오톡 채팅 상담 카카오톡 채팅 상담카톡
    
     라인상담
     라인으로 공유

     페북공유

   ◎위챗 : speedseoul


  
     PAYPAL
     
     PRICE
     

pixel.gif

    before pay call 0088 from app


http://nicerosniunos.blogspot.kr/2012/05/flooding-asterisk-freeswitch-and.html


Flooding Asterisk, Freeswitch and Kamailio with Metasploit

Hi, it has been a long time since my last post because of my new job and my final year project ("VoIP denegation of service attacks" for curious) but there is something I found during my tests with FreeswitchKamailio and Asterisk that I want to share.
NOTE: Really, guys of Security By Default blog published us (my good friend Roi Mallo and me) two articlesabout how to develop modules for Metasploit framework, another two are coming.  ;)

During my project, among others, I developed a Metasploit module which can flood SIP protocol with common frames (INVITE, OPTIONS, REGISTER, BYE), I wrote it at Quobis (nice job ;) in order to use it for some private tests because actual software didn´t fit our needs, so we are going to probe how is the behavior of different GPL VoIP servers against this kind of attacks:
- Asterisk: I think it needs no introduction, the famous softswitch/PBX software.
- Freeswitch: It´s a newer softswitch that seems to be Asterisk replacement and I really like.
- Kamailio (former OpenSER): It is the most known GPL SIP proxy.
Virtual machines
First of all I want to be clear about two things:
- Test were made without any protection on the server side, in a real environment we shoud find (in theory xD) something like Iptables, Snort, Fail2ban, Pike or a propietary Session border controller in large arquitectures. Anyway, it should be enough for this proof of concept.
- Asterisk and Freeswitch are PBX software, they were not designed to run between the limits of the infrastructure and Internet, although they are usually placed there. In fact, one of the reason of this post is to show the importance of using a SIP Proxy because of security and performance reasons.

Next pictures show an example of the Metasploit module use and generated traffic, we will use the same attack against differents IPs, so I´m showing it once only:
Module use and config
Captured traffic
I chose INVITE packets because they are much more effective against all kind of SIP devices and TIMEOUT to 0 trying to get more traffic. Then, the results:
NOTE: With Wireshark filter "sip.Method==REGISTER or sip.Status-Code==200 and !sdp" we can see if a softphone (Jitsi in this case) could be registered , this way we can confirm if tested software losts some REGISTER packages under attack.
Metasploit vs. Asterisk

Metasploit vs. Freeswitch
 

Metasploit vs. Kamailio

Pictures show how Metasploit module can flood both Asterisk and Freeswitch, but not Kamailio. Moreover, Asterisk lost REGISTER packets under the attack and Freeswitch did "strange" things answering with a lot of "200 OK" responses. This problem would be much more important in a real environment with hundreds of phones trying to register at the same time.

As conclusion we can confirm the use of Kamailio (I think OpenSIPS or another SIP Proxy would reach the same results) as frontier with "the wild". In addition we can also use Pike module for DoS protection and we could suppose that it would respond to a high volume of traffic in a better way than other two alternatives. To sum up I would like to remark that we can see Kamailio creates different forks to manage connections, this seems to be the key of its good performance. But next times I will show how to flood Kamailio with better results and the countermeasurements to protect yourself against it. ;)

조회 수 :
103569
등록일 :
2013.04.06
22:36:46 (*.160.42.88)
엮인글 :
http://webs.co.kr/index.php?document_srl=19768&act=trackback&key=898
게시글 주소 :
http://webs.co.kr/index.php?document_srl=19768
List of Articles
번호 제목 글쓴이 조회 수 추천 수 날짜sort
112 Opensips 2.32 download admin 21351   2017-09-01
 
111 OpenSIPS 2.3 install admin 26719   2017-09-01
 
110 JsSIP: The JavaScript SIP Library admin 23197   2017-09-01
 
109 WebSocket Transport using OpenSIPS admin 26594   2017-09-01
 
108 A2Billing and OpenSIPS – Part 1 admin 34175   2017-08-29
 
107 A2Billing and OpenSIPS – Part 2 admin 36181   2017-08-29
 
106 A2Billing and OpenSIPS – Part 3 admin 23665   2017-08-29
 
105 OpenSIPS 2.3 philosophy admin 23740   2017-08-17
 
104 The timeline for OpenSIPS 2.3 is admin 24955   2017-08-17
 
103 OpenSIPS Control Panel and Homer integration admin 45040   2017-08-17
 
102 Opensips sip capture re designed admin 23518   2017-07-16
 
101 WebRTC with OpenSIPS WebSocket is a protocol provides full-duplex admin 36068   2015-04-04
 
100 WebSocket Support in OpenSIPS 2.1 admin 34534   2015-04-04
 
99 OpenSIPS 2.1 (rc) is available, download now! admin 27813   2015-03-22
 
98 Service Provision Using Asterisk & OpenSIPS - AstriCon 2014 admin 36307   2015-02-25
 
97 SIP Signaling-Messages OpenSIPS Running On Multicore Server file admin 43589   2014-11-02
 
96 opensips.cfg for Asterisk admin 39376   2014-10-20
 
95 A2Billing and OpenSIPS config admin 40149   2014-10-20
 
94 Jitsi Videobridge meets WebRTC admin 47005   2014-10-18
 
93 A Survey of Open Source Products for Building a SIP Communication Platform admin 41714   2014-10-18
 
92 Script Function , Module Index v1.11 함수 모듈 opensips admin 37549   2014-10-14
 
91 Opensips TM module enables stateful processing of SIP transactions admin 47249   2014-10-04
 
90 kamailio.cfg configuration Example admin 38829   2014-10-04
 
89 opensips NAT Traversal Module admin 38992   2014-10-02
 
88 UAC Registrant Module admin 40929   2014-09-28
 
87 MediaProxy 2.3.x & OpenSIPS 1.5.x Integration admin 41965   2014-08-24
 
86 RTPPROXY Admin Guide admin 43095   2014-08-24
 
85 CANCEL MESSAGE not handled correctly admin 40547   2014-08-23
 
84 [Sipdroid] SIP data collection study tour admin 41027   2014-08-23
 
83 [OpenSIPS-Users] Opensips 1.10 NAT radius aaa admin 38202   2014-08-23