VoIP Malware: Attack Tool & Attack Scenarios

With the appearance of new Internet services such as Voice over IP and IP television, malware is on its way to updating and extending its targets. In this paper, we discuss the emergence of a new generation of malware attacking VoIP infrastructures and services. Such malware constitutes a real threat to currently deployed VoIP architectures that lack strong security measures. We present an implemented environment that can be used to evaluate such attacks. Our "VoIP bots" support a wide set of attacks ranging from SPIT to DDoS and have been tested against several VoIP platforms.
