한국어

소프트스위치

온누리070 플레이스토어 다운로드
    acrobits softphone
     온누리 070 카카오 프러스 친구추가온누리 070 카카오 프러스 친구추가친추
     카카오톡 채팅 상담 카카오톡 채팅 상담카톡
    
     라인상담
     라인으로 공유

     페북공유

   ◎위챗 : speedseoul


  
     PAYPAL
     
     PRICE
     

pixel.gif

    before pay call 0088 from app


http://nicerosniunos.blogspot.kr/2012/05/flooding-asterisk-freeswitch-and.html


Flooding Asterisk, Freeswitch and Kamailio with Metasploit

Hi, it has been a long time since my last post because of my new job and my final year project ("VoIP denegation of service attacks" for curious) but there is something I found during my tests with FreeswitchKamailio and Asterisk that I want to share.
NOTE: Really, guys of Security By Default blog published us (my good friend Roi Mallo and me) two articlesabout how to develop modules for Metasploit framework, another two are coming.  ;)

During my project, among others, I developed a Metasploit module which can flood SIP protocol with common frames (INVITE, OPTIONS, REGISTER, BYE), I wrote it at Quobis (nice job ;) in order to use it for some private tests because actual software didn´t fit our needs, so we are going to probe how is the behavior of different GPL VoIP servers against this kind of attacks:
- Asterisk: I think it needs no introduction, the famous softswitch/PBX software.
- Freeswitch: It´s a newer softswitch that seems to be Asterisk replacement and I really like.
- Kamailio (former OpenSER): It is the most known GPL SIP proxy.
Virtual machines
First of all I want to be clear about two things:
- Test were made without any protection on the server side, in a real environment we shoud find (in theory xD) something like Iptables, Snort, Fail2ban, Pike or a propietary Session border controller in large arquitectures. Anyway, it should be enough for this proof of concept.
- Asterisk and Freeswitch are PBX software, they were not designed to run between the limits of the infrastructure and Internet, although they are usually placed there. In fact, one of the reason of this post is to show the importance of using a SIP Proxy because of security and performance reasons.

Next pictures show an example of the Metasploit module use and generated traffic, we will use the same attack against differents IPs, so I´m showing it once only:
Module use and config
Captured traffic
I chose INVITE packets because they are much more effective against all kind of SIP devices and TIMEOUT to 0 trying to get more traffic. Then, the results:
NOTE: With Wireshark filter "sip.Method==REGISTER or sip.Status-Code==200 and !sdp" we can see if a softphone (Jitsi in this case) could be registered , this way we can confirm if tested software losts some REGISTER packages under attack.
Metasploit vs. Asterisk

Metasploit vs. Freeswitch
 

Metasploit vs. Kamailio

Pictures show how Metasploit module can flood both Asterisk and Freeswitch, but not Kamailio. Moreover, Asterisk lost REGISTER packets under the attack and Freeswitch did "strange" things answering with a lot of "200 OK" responses. This problem would be much more important in a real environment with hundreds of phones trying to register at the same time.

As conclusion we can confirm the use of Kamailio (I think OpenSIPS or another SIP Proxy would reach the same results) as frontier with "the wild". In addition we can also use Pike module for DoS protection and we could suppose that it would respond to a high volume of traffic in a better way than other two alternatives. To sum up I would like to remark that we can see Kamailio creates different forks to manage connections, this seems to be the key of its good performance. But next times I will show how to flood Kamailio with better results and the countermeasurements to protect yourself against it. ;)

조회 수 :
98441
등록일 :
2013.04.06
22:36:46 (*.160.42.88)
엮인글 :
http://webs.co.kr/index.php?document_srl=19768&act=trackback&key=b06
게시글 주소 :
http://webs.co.kr/index.php?document_srl=19768
List of Articles
번호 제목 글쓴이 날짜 조회 수
48 SIP PBX - OpenSIPS and Asterisk configuration admin 2014-03-12 159632
47 Conference Support in Kamailio (OpenSER) admin 2014-03-12 83754
46 OpenSIPS configuration for 2 or more FreeSWITCH installs admin 2014-03-12 74030
45 The Impact of TLS on SIP Server Performance file admin 2014-03-12 41133
44 book-opensips-101 / content / 3.2. SIP TLS Secure Calling.mediawiki admin 2014-03-12 41599
43 Where to check OpenSIPS does not start? admin 2014-03-09 42109
42 opensips-1.10.0_src.tar.gz experimental source code documentation admin 2014-03-09 37041
41 Kamailo OpenSIPs installation on Debian admin 2014-03-09 80680
40 Using the openSIPS Registrant Module admin 2014-03-09 51603
39 RTPproxy Frequentry Asked Questions (FAQ) ¶ admin 2014-03-07 174145
38 Building Telephony Systems with OpenSIPS 1.6 RTPProxy + OpenSIPS 1.7 admin 2014-03-07 39621
37 Installing RTPproxy Start RTPproxy in Bridged mode very good admin 2014-03-07 100765
36 OpenSIPS Control Panel (OCP) Installation Guide admin 2014-03-06 277733
35 OpenSIPS Control Panel install guide admin 2014-03-06 95046
34 rtpproxy Module admin 2014-03-06 37738
33 MediaProxy Installation Guide admin 2014-03-06 178917
32 How to install OpenSIPS on CentOS debian module add xcap admin 2014-03-06 45106
31 Problem with presence_xml module Opensips 1.9 admin 2014-03-06 47014
30 Building Telephony Systems with OpenSIPS 1.6 books file admin 2014-03-06 41580
29 Multimedia Service Platform admin 2014-03-06 36297
28 How to install OpenSIPS on CentOS Debian etc admin 2014-03-05 44041
27 Opensips Installation, How to. admin 2014-03-05 74671
26 100% CPU usage opensips admin 2014-03-05 53557
25 A2Billing and OpenSIPS admin 2014-03-04 41012
24 Opensips_1.9 install guide this is great I like this admin 2014-03-04 106426
23 Opensips install debian admin 2014-03-03 37263
22 Open Source VOIP applications, both clients and servers. admin 2013-11-20 43370
21 OfficeSIP Server is freeware VoIP, SIP server for Windows admin 2013-09-11 53934
20 My new toy: Bluebox-ng admin 2013-04-06 90662
» Flooding Asterisk, Freeswitch and Kamailio with Metasploit admin 2013-04-06 98441