[Voptalk] RE: Looking for Unique VOIP tools.

Gould, Aaron aaron.gould at ngc.com
Tue Mar 27 14:13:34 EDT 2007 

opps, i think rudp is not real-time udp, but reliable udp
 
aaron

________________________________

From: Gould, Aaron 
Sent: Tuesday, March 27, 2007 12:03 PM
To: pthermos at vopsecurity.org; voptalk at lists.vopsecurity.org;
NimrodS at comsecglobal.com; david.endler at voipsa.org
Cc: Gould, Aaron
Subject: RE: [Voptalk] RE: Looking for Unique VOIP tools.


i'll share this peter, but on one condition, you let me test and use
your unistim tools and utilities once you get them ready for
trial/release (please)  :)   btw, do you remember me?  i was doing some
sip/h323 voip vulnerability anlysis work 4 or 5 months ago and you and i
passed email occassionally....matter of fact i think we may have even
spoke on the phone at some point.....anyway
 
if you are going to capture unistim (nortel proprietary voip sig prot)
and it's carrier protocol rudp (nortel's proprietary sequencing
mechanism real-time udp) which rides over standard udp.....so it's
unistim over rudp over udp....you'll need ethereal 0.10.9
http://oldapps.com/Wireshark.php with the attached plugin.....Install
this plugin .dll in the directory <Ethereal install dir>\plugins\0.10.9
... e.g.  C:\Program Files\Ethereal0109\plugins\0.10.9    ....from what
i saw it will overwrite the existing rudp.dll file which is fine
....using wireshark 0.99.4 i see unistim packets erroneously as Cross
Point Frame Injector (CPFI) PDU's.....i searched hi and low for a
ethereal/wireshark decode and this is what i've come up with.
 
i currently have a live Nortel VoIP network that I test with...... i2050
softphone and i2004 regular (grey) and phase 2 (black) hardphones also 2
seperate Nortel IP PBX (like call management systems).... 1 - BCM200
(business communications manager 200) and 2 - CS1K for short....or
Communications Server 1000....also known as Succession 1000S.....which
is comprised of a Sig Server (runs VXWorks OS on a intel platfrom) and
this sig srv communicates with a Nortel Call Server which is a 1 slot
chassis which has the SSC processor for call routing.  The sig srv is
where the unistim dialogues take place and the phones register, i think
it does some sort fo unistim proxying and communicates with the call
server on the backend over a seperate out of band lan (could be a vlan,
which is what it is in my case)....i never really sniffed that sig
server to call server traffic to see if it's some other protocol
 
i have some sniffs of i2050 registration.....then i2050 calling
i2004.....etc
 
i2050 softphone registering with Succession 1000/CS1K (udp port 4100 on
CS1K and udp port 5000 on i2050, then switches to, still udp/5000 on
i2050 but udp 7300 on CS1K, then switches again to still udp/5000 on
i2050 but udp/5100 on cs1k.....i have the .cap files showing all these
dialogues
 
Aaron

________________________________

From: voptalk-bounces at lists.vopsecurity.org on behalf of Peter Thermos
Sent: Mon 3/26/2007 9:37 PM
To: voptalk at lists.vopsecurity.org
Subject: [Voptalk] RE: Looking for Unique VOIP tools.



It will also be helpful even if someone can capture UNISTIM traffic.
I can develop some utilities around it.

Peter

> -----Original Message-----
> From: Nimrod Sasson [mailto:NimrodS at comsecglobal.com]
> Sent: Monday, March 19, 2007 5:16 AM
> To: pthermos at vopsecurity.org; Shawn Merdinger;
> voptalk at lists.vopsecurity.org
> Subject: Looking for Unique VOIP tools.
>
> Do you know any tools for Cisco (skinny) and Nortel (Unistim) tools?
> They use specific protocol which is based on SIP and H323,
> but they changed Something and many of the tools get only noises.
>
> Thanks a lot
>
> Nimrod.
>
>
> -----Original Message-----
> From: voptalk-bounces at lists.vopsecurity.org
> [mailto:voptalk-bounces at lists.vopsecurity.org] On Behalf Of
> Peter Thermos
> Sent: Thursday, March 15, 2007 9:30 PM
> To: 'Shawn Merdinger'; voptalk at lists.vopsecurity.org
> Subject: RE: [Voptalk] New: VoIP Security tools list
>
> Thanks Shawn!
>
> Just a note to the group, SIVus fits in all the following categories:
>
> -VoIP Scanning and Enumeration Tools
> -VoIP Packet Creation and Flooding Tools -VoIP Fuzzing Tools
> -VoIP Signaling Manipulation Tools
>
> although it is listed only under VoIP Scanning and Enumeration Tools.
> 
> Peter
>
> > -----Original Message-----
> > From: voptalk-bounces at lists.vopsecurity.org
> > [mailto:voptalk-bounces at lists.vopsecurity.org] On Behalf Of Shawn
> > Merdinger
> > Sent: Thursday, March 15, 2007 1:29 AM
> > To: voptalk at lists.vopsecurity.org
> > Subject: [Voptalk] New: VoIP Security tools list
> >
> > FYI -- hope this is useful for folks :)
> >
> > Thanks,
> > --scm
> >
> > ---------- Forwarded message ----------
> > From: David Endler <david.endler at voipsa.org>
> > Date: Mar 14, 2007 8:34 AM
> > Subject: New: VoIP Security tools list
> > To: pen-test at securityfocus.com
> >
> >
> > The VoIP Security Alliance (VOIPSA) is pleased to announce
> the public
> > release of its VoIP security tool list.  Check it out at:
> >
> > http://www.voipsa.org/Resources/tools.php
> >
> > This list was developed to address the current void of VoIP
> security
> > testing resources and sites, for vendors and VoIP users
> alike.  It is
> > separated into the following seven broad
> > categories:
> >
> >   * VoIP Sniffing Tools
> >   * VoIP Scanning and Enumeration Tools
> >   * VoIP Packet Creation and Flooding Tools
> >   * VoIP Fuzzing Tools
> >   * VoIP Signaling Manipulation Tools
> >   * VoIP Media Manipulation Tools
> >   * Miscellaneous Tools
> >
> > Special thanks to VOIPSA members Shawn Merdinger and Dustin
> Trammell
> > who created the list and have graciously agreed to maintain it. For
> > more information about the tools list, you can listen to
> Dan York and
> > Jonathan Zar discuss it in Blue Box Podcast #54 and also with Shawn
> > Merdinger in Blue Box Special Edition #16 both available at
> > http://www.blueboxpodcast.com <http://www.blueboxpodcast.com/> 
> >
> >
> > David Endler
> > VOIPSA Chairman
> > http://www.voipsa.org <http://www.voipsa.org/> 
> >
> > --About VOIPSA
> > The Voice over IP Security Alliance (VOIPSA) aims to provide VoIP
> > security related resources through a unique collaboration
> of VoIP and
> > Information Security vendors, providers, and thought
> leaders. VOIPSA's
> > mission is to drive adoption of VoIP by promoting the
> current state of
> > VoIP security research, VoIP security education and awareness, and
> > free VoIP testing methodologies and tools.
> > _______________________________________________
> > - The VoPSecurity Forum -
> >
> > To post a message to the mailing list send an email to [
> > voptalk_at_lists.vopsecurity.org ]
> >
>
>
> _______________________________________________
> - The VoPSecurity Forum -
>
> To post a message to the mailing list send an email to [
> voptalk_at_lists.vopsecurity.org ]
> **************************************************************
> ************************************
> The contents of this email and any attachments are confidential.
> They are intended for the named recipient(s) only.
> If you have received this email in error please notify the
> system manager or  the
> sender immediately and do not disclose the contents to anyone
> or make copies.
>
> ** eSafe scanned this email for viruses, vandals and
> malicious content. **
> **************************************************************
> ************************************
>
>


_______________________________________________
- The VoPSecurity Forum -

To post a message to the mailing list send an email to [
voptalk_at_lists.vopsecurity.org ]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.vopsecurity.org/pipermail/voptalk/attachments/20070327/79a71ecd/attachment.html

More information about the Voptalk mailing list