Call redirection attack using 305 response messages VoIP-SIP Security

The aim of this attack is to redirect traffic signalisation through a compromised proxy server.
3xx redirect messages are sent by a called agent to inform the caller agent on the new location of alternative services that will satisfy the call. The 305 message specifies that the demanded resource can be obtained through the proxy specified in the contact field.

The attacker starts by listening to the network to intercept an INVITE message. With the information, he can forge a 305 message specifying that the rest of the call must pass through his server. He must then send it before the legitimate answer is received by the caller. He can then use his proxy to modify all following messages.

The attacker must be able to capture an INVTE message, and then send a forged 305 response before the legitimate answer. He must then have a compromised proxy server through which the traffic can be routed.
References:
        RFC 3261 - SIP: Session Initiation Protocol
        http://www.vadese.org/files/upload/Best_practices_VoIP_en_v20.pdf

Related post



Newer Post Older Post

0 comments:

Post a Comment

 

Wiki Voip And Fax Tutorials Copyright © 2010 Labloub