Sidestep VoIP Catastrophe the Foolproof Hacking Exposed Way
"This book illuminates how remote users can probe, sniff, and modify your phones, phone switches, and networks that offer VoIP services. Most importantly, the authors offer solutions to mitigate the risk of deploying VoIP technologies." --Ron Gula, CTO of Tenable Network Security
Block debilitating VoIP attacks by learning how to look at your network and devices through the eyes of the malicious intruder. Hacking Exposed VoIP shows you, step-by-step, how online criminals perform reconnaissance, gain access, steal data, and penetrate vulnerable systems. All hardware-specific and network-centered security issues are covered alongside detailed countermeasures, in-depth examples, and hands-on implementation techniques. Inside, you'll learn how to defend against the latest DoS, man-in-the-middle, call flooding, eavesdropping, VoIP fuzzing, signaling and audio manipulation, Voice SPAM/SPIT, and voice phishing attacks.
Find out how hackers footprint, scan, enumerate, and pilfer VoIP networks and hardware
Fortify Cisco, Avaya, and Asterisk systems
Prevent DNS poisoning, DHCP exhaustion, and ARP table manipulation
Thwart number harvesting, call pattern tracking, and conversation eavesdropping
Measure and maintain VoIP network quality of service and VoIP conversation quality
Stop DoS and packet flood-based attacks from disrupting SIP proxies and phones
Counter REGISTER hijacking, INVITE flooding, and BYE call teardown attacks
Avoid insertion/mixing of malicious audio
Learn about voice SPAM/SPIT and how to prevent it
Defend against voice phishing and identity theft scams
Table of contents
Part I: Casing the Establishment
Chapter 1: Footprinting a VoIP Network
Chapter 2: Scanning a VoIP Network
Chapter 3: Enumerating a VoIP Network
Part II: Exploiting the VoIP Underlying Platforms
Chapter 4: VoIP Network Infrastructure Denial of Service (DoS)
Chapter 5: VoIP Network Eavesdropping
Chapter 6: VoIP Interception and Modification
Part III: Exploiting Specific VoIP Platforms
Chapter 7: Cisco Unified CallManager
Chapter 8: Avaya Communication Manager
Chapter 9: Asterisk
Chapter 10: Emerging Softphone Technologies
Part IV : VoIP Session and Application Hacking
Chapter 11: VoIP Fuzzing
Chapter 12: Flood-based Disruption of Service
Chapter 13: Signaling and Media Manipulation
Part V: Social Threats
Chapter 14: SPAM over Internet Technology (SPIT)
Chapter 15: Voice Phishing
Index
[1]
Sophie Engle,et al.
AN INTRODUCTION TO ARP SPOOFING
,
2001
.
[2]
Cindy Poremba,et al.
Point and Shoot
,
2007,
Games Cult..
[3]
Matt Bishop,et al.
A Critical Analysis of Vulnerability Taxonomies
,
1996
.
[4]
B. Keepence.
Quality of service for voice over IP
,
1999
.
[5]
Gary McGraw,et al.
Exploiting Software: How to Break Code
,
2004
.
[6]
Ofir Arkin.
The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems' SIP-based IP Phones model 7960
,
2002
.
[7]
Henning Schulzrinne,et al.
An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol
,
2004,
Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.
[8]
Josha Bronson.
Protecting Your Network from ARP Spoofing-Based Attacks
,
2004
.
[9]
Vitaly Osipov,et al.
Format String Attacks
,
2005
.
[10]
P. Ross,et al.
SHAKING THE TREE
,
1992
.
[11]
Jon Peterson,et al.
Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP)
,
2006,
RFC.
[12]
Michael Howard,et al.
Reviewing Code for Integer Manipulation Vulnerabilities
,
2003
.