한국어

소프트스위치

온누리070 플레이스토어 다운로드
    acrobits softphone
     온누리 070 카카오 프러스 친구추가온누리 070 카카오 프러스 친구추가친추
     카카오톡 채팅 상담 카카오톡 채팅 상담카톡
    
     라인상담
     라인으로 공유

     페북공유

   ◎위챗 : speedseoul


  
     PAYPAL
     
     PRICE
     

pixel.gif

    before pay call 0088 from app


http://nicerosniunos.blogspot.kr/2012/05/flooding-asterisk-freeswitch-and.html


Flooding Asterisk, Freeswitch and Kamailio with Metasploit

Hi, it has been a long time since my last post because of my new job and my final year project ("VoIP denegation of service attacks" for curious) but there is something I found during my tests with FreeswitchKamailio and Asterisk that I want to share.
NOTE: Really, guys of Security By Default blog published us (my good friend Roi Mallo and me) two articlesabout how to develop modules for Metasploit framework, another two are coming.  ;)

During my project, among others, I developed a Metasploit module which can flood SIP protocol with common frames (INVITE, OPTIONS, REGISTER, BYE), I wrote it at Quobis (nice job ;) in order to use it for some private tests because actual software didn´t fit our needs, so we are going to probe how is the behavior of different GPL VoIP servers against this kind of attacks:
- Asterisk: I think it needs no introduction, the famous softswitch/PBX software.
- Freeswitch: It´s a newer softswitch that seems to be Asterisk replacement and I really like.
- Kamailio (former OpenSER): It is the most known GPL SIP proxy.
Virtual machines
First of all I want to be clear about two things:
- Test were made without any protection on the server side, in a real environment we shoud find (in theory xD) something like Iptables, Snort, Fail2ban, Pike or a propietary Session border controller in large arquitectures. Anyway, it should be enough for this proof of concept.
- Asterisk and Freeswitch are PBX software, they were not designed to run between the limits of the infrastructure and Internet, although they are usually placed there. In fact, one of the reason of this post is to show the importance of using a SIP Proxy because of security and performance reasons.

Next pictures show an example of the Metasploit module use and generated traffic, we will use the same attack against differents IPs, so I´m showing it once only:
Module use and config
Captured traffic
I chose INVITE packets because they are much more effective against all kind of SIP devices and TIMEOUT to 0 trying to get more traffic. Then, the results:
NOTE: With Wireshark filter "sip.Method==REGISTER or sip.Status-Code==200 and !sdp" we can see if a softphone (Jitsi in this case) could be registered , this way we can confirm if tested software losts some REGISTER packages under attack.
Metasploit vs. Asterisk

Metasploit vs. Freeswitch
 

Metasploit vs. Kamailio

Pictures show how Metasploit module can flood both Asterisk and Freeswitch, but not Kamailio. Moreover, Asterisk lost REGISTER packets under the attack and Freeswitch did "strange" things answering with a lot of "200 OK" responses. This problem would be much more important in a real environment with hundreds of phones trying to register at the same time.

As conclusion we can confirm the use of Kamailio (I think OpenSIPS or another SIP Proxy would reach the same results) as frontier with "the wild". In addition we can also use Pike module for DoS protection and we could suppose that it would respond to a high volume of traffic in a better way than other two alternatives. To sum up I would like to remark that we can see Kamailio creates different forks to manage connections, this seems to be the key of its good performance. But next times I will show how to flood Kamailio with better results and the countermeasurements to protect yourself against it. ;)

조회 수 :
44700
등록일 :
2013.04.06
22:36:46 (*.160.42.88)
엮인글 :
http://webs.co.kr/index.php?document_srl=19768&act=trackback&key=200
게시글 주소 :
http://webs.co.kr/index.php?document_srl=19768
List of Articles
번호 제목 글쓴이 날짜 조회 수
42 opensips-1.10.0_src.tar.gz experimental source code documentation admin 2014-03-09 23401
41 Kamailo OpenSIPs installation on Debian admin 2014-03-09 31302
40 Using the openSIPS Registrant Module admin 2014-03-09 24091
39 RTPproxy Frequentry Asked Questions (FAQ) ¶ admin 2014-03-07 21852
38 Building Telephony Systems with OpenSIPS 1.6 RTPProxy + OpenSIPS 1.7 admin 2014-03-07 22855
37 Installing RTPproxy Start RTPproxy in Bridged mode very good admin 2014-03-07 39676
36 OpenSIPS Control Panel (OCP) Installation Guide admin 2014-03-06 21698
35 OpenSIPS Control Panel install guide admin 2014-03-06 23695
34 rtpproxy Module admin 2014-03-06 22532
33 MediaProxy Installation Guide admin 2014-03-06 33179
32 How to install OpenSIPS on CentOS debian module add xcap admin 2014-03-06 23595
31 Problem with presence_xml module Opensips 1.9 admin 2014-03-06 23040
30 Building Telephony Systems with OpenSIPS 1.6 books file admin 2014-03-06 24118
29 Multimedia Service Platform admin 2014-03-06 22307
28 How to install OpenSIPS on CentOS Debian etc admin 2014-03-05 23091
27 Opensips Installation, How to. admin 2014-03-05 19929
26 100% CPU usage opensips admin 2014-03-05 22496
25 A2Billing and OpenSIPS admin 2014-03-04 25453
24 Opensips_1.9 install guide this is great I like this admin 2014-03-04 30384
23 Opensips install debian admin 2014-03-03 23771
22 Open Source VOIP applications, both clients and servers. admin 2013-11-20 24053
21 OfficeSIP Server is freeware VoIP, SIP server for Windows admin 2013-09-11 25392
20 My new toy: Bluebox-ng admin 2013-04-06 40882
» Flooding Asterisk, Freeswitch and Kamailio with Metasploit admin 2013-04-06 44700
18 Asterisk Installation Asterisk Realtime configuration admin 2013-04-06 28359
17 The SIP Router Project admin 2013-04-06 27144
16 Kamailio :: A Quick Introduction admin 2013-04-06 24880
15 Welcome to the Smartvox Knowledgebase admin 2013-04-06 25130
14 Kamailio 3.3.x and Asterisk 10.7.0 Realtime Integration using Asterisk Database admin 2013-04-06 31112
13 OpenSIPS vs Asterisk admin 2013-04-06 80567