Voice over IP (VoIP) is one of the most emerging technologies, with a very relevant market penetration trend. This technology represents a cost advantage for the business and private networks with greater flexibility, if no new related vulnerabilities are introduced. The problems of security of the VoIP are mainly related to the weaknesses of the combination of the SIP and RTP protocols. In the VoWiFi case, these weaknesses are enhanced by the intrinsic vulnerabilities of the first generation wireless networks (802.11b), or by a bad administration of wireless security systems. After building a VoIP network over Wi-Fi without enforcing security measures for the authentication and the privacy of the data, we show in this paper several typologies of attack: eavesdropping and sniffing of the VoIP calls, man in the middle, denial of service, call interruption and build false calls. All these threats can represent part of a check list for a plug-and-play penetration test schedule, whenever a company deploys a VoIP network infrastructure based on some untested VoIP softphone and wireless LAN (as an internal hotspot)

An overview of some techniques to exploit VoIP over WLAN / G. Me; R. Verdone. - STAMPA. - (2006), pp. 67-67. (Intervento presentato al convegno Digital Telecommunications, , 2006. ICDT '06. International Conference on tenutosi a Cote d'Azur nel 29-31 Aug. 2006).

An overview of some techniques to exploit VoIP over WLAN

VERDONE, ROBERTO
2006

Abstract

Voice over IP (VoIP) is one of the most emerging technologies, with a very relevant market penetration trend. This technology represents a cost advantage for the business and private networks with greater flexibility, if no new related vulnerabilities are introduced. The problems of security of the VoIP are mainly related to the weaknesses of the combination of the SIP and RTP protocols. In the VoWiFi case, these weaknesses are enhanced by the intrinsic vulnerabilities of the first generation wireless networks (802.11b), or by a bad administration of wireless security systems. After building a VoIP network over Wi-Fi without enforcing security measures for the authentication and the privacy of the data, we show in this paper several typologies of attack: eavesdropping and sniffing of the VoIP calls, man in the middle, denial of service, call interruption and build false calls. All these threats can represent part of a check list for a plug-and-play penetration test schedule, whenever a company deploys a VoIP network infrastructure based on some untested VoIP softphone and wireless LAN (as an internal hotspot)
2006
Digital Telecommunications, , 2006. ICDT '06. International Conference on
67
67
An overview of some techniques to exploit VoIP over WLAN / G. Me; R. Verdone. - STAMPA. - (2006), pp. 67-67. (Intervento presentato al convegno Digital Telecommunications, , 2006. ICDT '06. International Conference on tenutosi a Cote d'Azur nel 29-31 Aug. 2006).
G. Me; R. Verdone
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/88200
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact