Monday, October 12, 2015

SIP (VoIP) Packets from sipvicious

Have you ever seen traffic looking like this against your network?

The protocol is SIP over UDP, the destination port is 5060, and it's a Request. From what?

If you look at the UDP Stream you'll see more details.

In the stream you see key information like 'From: "sipvicious"', 'User-Agent: friendly-scanner', etc.

My understanding is that this is essentially the script-kiddie version of VoIP hacking. sipvicious is a tool (watch this video) where you can scan a network for VoIP servers and then try to brute-force authenticate into them and wreak havoc. If SIP is set up poorly or insecurely, you could have big problems from sipvicious.

Why care? If you're the good guy then you need to know about tools like this if you're supporting VoIP / SIP so that you can protect against it and secure it.
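The check described above, as an added example that is not part of the original post: Python that parses a UDP payload as SIP and reports which of the two fields the post points out (From and User-Agent) carry the scanner strings, including compact and folded header forms. The function names and sample payloads are constructed for illustration.

```python
import re

# Strings the post points out; both are set by the sender, so treat a match
# as a signal of an unmodified tool, not proof that other traffic is clean.
SCANNER_UA = re.compile(r"friendly-scanner", re.I)
SCANNER_FROM = re.compile(r"sipvicious", re.I)
COMPACT = {"f": "from", "t": "to", "i": "call-id", "v": "via"}  # RFC 3261 compact names

def parse_sip(payload: bytes):
    """Return (start_line, headers) for a SIP message, or None if not SIP."""
    text = payload.decode("utf-8", errors="replace").replace("\r\n", "\n")
    head = text.split("\n\n", 1)[0]
    head = re.sub(r"\n[ \t]+", " ", head)  # unfold continuation lines
    lines = head.split("\n")
    if "SIP/2.0" not in lines[0]:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()  # header names are case-insensitive
            headers.setdefault(COMPACT.get(key, key), value.strip())
    return lines[0], headers

def scanner_indicators(payload: bytes):
    parsed = parse_sip(payload)
    if parsed is None:
        return []
    _, h = parsed
    hits = []
    if SCANNER_UA.search(h.get("user-agent", "")):
        hits.append("user-agent")
    if SCANNER_FROM.search(h.get("from", "")):
        hits.append("from")
    return hits

# Constructed sample payloads (documentation addresses, not captured traffic).
SCAN = (b'OPTIONS sip:100@192.0.2.10 SIP/2.0\r\n'
        b'Via: SIP/2.0/UDP 198.51.100.7:5061;branch=z9hG4bK-1;rport\r\n'
        b'From: "sipvicious"<sip:100@192.0.2.1>;tag=61\r\n'
        b'User-Agent: friendly-scanner\r\nContent-Length: 0\r\n\r\n')
FOLDED = (b'OPTIONS sip:100@192.0.2.10 SIP/2.0\r\n'
          b'f: "SIPVicious"<sip:100@192.0.2.1>;tag=62\r\n'
          b'USER-AGENT:\r\n friendly-scanner\r\n\r\n')
BENIGN = (b'REGISTER sip:example.com SIP/2.0\r\n'
          b'f: "Alice" <sip:alice@example.com>;tag=7\r\n'
          b'User-Agent: ExamplePhone/1.0\r\n\r\n')
```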

General reminder that this demonstration was for educational and awareness purposes and should not be used for malicious activities.

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.
