Hendrik Scholz: SIP Stack Fingerprinting and stack difference attacks




Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference show

Summary: "VoIP applications went mainstream, although the underlying protocols are still undergoing constant development. The SIP protocol being the main driver behind this has been analyzed, fuzzed and put to the test before, but interoperability weaknesses still yield a large field for attacks. This presentation gives a short introduction to the SIP protocol and the threats it exposes; enough to understand the issues described. A SIP stack fingerprinting tool will be released during the talk which allows different stacks to be identified and classified for further attacks. The main part focuses on practical attacks targeting features from caller ID spoofing to Lawful Interception. Various attack vectors are pointed out to allow further exploit development. Hendrik Scholz is a lead VoIP developer and Systems Engineer at Freenet Cityline GmbH in Kiel, Germany. His daily jobs consist of developing server side systems and features as well as tracking down bugs in SIP stacks. He earned his Bachelor in Computer Science from the German University of Applied Sciences Kiel in 2003. While studying abroad in Melbourne, Australia and working as Unix developer in Atlanta, GA and Orlando, FL, he contributed to FreeBSD and specialized in networking security issues. He released Operating System level as well as Application Layer fingerprinting tools. Having access to present and upcoming VoIP devices, hacking on these has become a spare time passion."