[Voptalk] RE: Looking for Unique VOIP tools.

Peter Thermos pthermos at vopsecurity.org
Wed Mar 28 02:19:04 EDT 2007 

Aaron, good to hear from you again!
 
We will definitely share the tools with you and the rest of the group (this
is the purpose of our community). 
In fact I will need your help to "test-drive" the early versions.
 
Peter


  _____  

From: Gould, Aaron [mailto:aaron.gould at ngc.com] 
Sent: Tuesday, March 27, 2007 1:03 PM
To: pthermos at vopsecurity.org; voptalk at lists.vopsecurity.org;
NimrodS at comsecglobal.com; david.endler at voipsa.org
Cc: Gould, Aaron
Subject: RE: [Voptalk] RE: Looking for Unique VOIP tools.


i'll share this peter, but on one condition, you let me test and use your
unistim tools and utilities once you get them ready for trial/release
(please)  :)   btw, do you remember me?  i was doing some sip/h323 voip
vulnerability anlysis work 4 or 5 months ago and you and i passed email
occassionally....matter of fact i think we may have even spoke on the phone
at some point.....anyway
 
if you are going to capture unistim (nortel proprietary voip sig prot) and
it's carrier protocol rudp (nortel's proprietary sequencing mechanism
real-time udp) which rides over standard udp.....so it's unistim over rudp
over udp....you'll need ethereal 0.10.9 http://oldapps.com/Wireshark.php
with the attached plugin.....Install this plugin .dll in the directory
<Ethereal install dir>\plugins\0.10.9 ... e.g.  C:\Program
Files\Ethereal0109\plugins\0.10.9    ....from what i saw it will overwrite
the existing rudp.dll file which is fine   ....using wireshark 0.99.4 i see
unistim packets erroneously as Cross Point Frame Injector (CPFI) PDU's.....i
searched hi and low for a ethereal/wireshark decode and this is what i've
come up with.
 
i currently have a live Nortel VoIP network that I test with...... i2050
softphone and i2004 regular (grey) and phase 2 (black) hardphones also 2
seperate Nortel IP PBX (like call management systems).... 1 - BCM200
(business communications manager 200) and 2 - CS1K for short....or
Communications Server 1000....also known as Succession 1000S.....which is
comprised of a Sig Server (runs VXWorks OS on a intel platfrom) and this sig
srv communicates with a Nortel Call Server which is a 1 slot chassis which
has the SSC processor for call routing.  The sig srv is where the unistim
dialogues take place and the phones register, i think it does some sort fo
unistim proxying and communicates with the call server on the backend over a
seperate out of band lan (could be a vlan, which is what it is in my
case)....i never really sniffed that sig server to call server traffic to
see if it's some other protocol
 
i have some sniffs of i2050 registration.....then i2050 calling
i2004.....etc
 
i2050 softphone registering with Succession 1000/CS1K (udp port 4100 on CS1K
and udp port 5000 on i2050, then switches to, still udp/5000 on i2050 but
udp 7300 on CS1K, then switches again to still udp/5000 on i2050 but
udp/5100 on cs1k.....i have the .cap files showing all these dialogues


 
Aaron

  _____  

From: voptalk-bounces at lists.vopsecurity.org on behalf of Peter Thermos
Sent: Mon 3/26/2007 9:37 PM
To: voptalk at lists.vopsecurity.org
Subject: [Voptalk] RE: Looking for Unique VOIP tools.



It will also be helpful even if someone can capture UNISTIM traffic.
I can develop some utilities around it.

Peter

> -----Original Message-----
> From: Nimrod Sasson [mailto:NimrodS at comsecglobal.com]
> Sent: Monday, March 19, 2007 5:16 AM
> To: pthermos at vopsecurity.org; Shawn Merdinger;
> voptalk at lists.vopsecurity.org
> Subject: Looking for Unique VOIP tools.
>
> Do you know any tools for Cisco (skinny) and Nortel (Unistim) tools?
> They use specific protocol which is based on SIP and H323,
> but they changed Something and many of the tools get only noises.
>
> Thanks a lot
>
> Nimrod.
>
>
> -----Original Message-----
> From: voptalk-bounces at lists.vopsecurity.org
> [mailto:voptalk-bounces at lists.vopsecurity.org] On Behalf Of
> Peter Thermos
> Sent: Thursday, March 15, 2007 9:30 PM
> To: 'Shawn Merdinger'; voptalk at lists.vopsecurity.org
> Subject: RE: [Voptalk] New: VoIP Security tools list
>
> Thanks Shawn!
>
> Just a note to the group, SIVus fits in all the following categories:
>
> -VoIP Scanning and Enumeration Tools
> -VoIP Packet Creation and Flooding Tools -VoIP Fuzzing Tools
> -VoIP Signaling Manipulation Tools
>
> although it is listed only under VoIP Scanning and Enumeration Tools.
> 
> Peter
>
> > -----Original Message-----
> > From: voptalk-bounces at lists.vopsecurity.org
> > [mailto:voptalk-bounces at lists.vopsecurity.org] On Behalf Of Shawn
> > Merdinger
> > Sent: Thursday, March 15, 2007 1:29 AM
> > To: voptalk at lists.vopsecurity.org
> > Subject: [Voptalk] New: VoIP Security tools list
> >
> > FYI -- hope this is useful for folks :)
> >
> > Thanks,
> > --scm
> >
> > ---------- Forwarded message ----------
> > From: David Endler <david.endler at voipsa.org>
> > Date: Mar 14, 2007 8:34 AM
> > Subject: New: VoIP Security tools list
> > To: pen-test at securityfocus.com
> >
> >
> > The VoIP Security Alliance (VOIPSA) is pleased to announce
> the public
> > release of its VoIP security tool list.  Check it out at:
> >
> > http://www.voipsa.org/Resources/tools.php
> >
> > This list was developed to address the current void of VoIP
> security
> > testing resources and sites, for vendors and VoIP users
> alike.  It is
> > separated into the following seven broad
> > categories:
> >
> >   * VoIP Sniffing Tools
> >   * VoIP Scanning and Enumeration Tools
> >   * VoIP Packet Creation and Flooding Tools
> >   * VoIP Fuzzing Tools
> >   * VoIP Signaling Manipulation Tools
> >   * VoIP Media Manipulation Tools
> >   * Miscellaneous Tools
> >
> > Special thanks to VOIPSA members Shawn Merdinger and Dustin
> Trammell
> > who created the list and have graciously agreed to maintain it. For
> > more information about the tools list, you can listen to
> Dan York and
> > Jonathan Zar discuss it in Blue Box Podcast #54 and also with Shawn
> > Merdinger in Blue Box Special Edition #16 both available at
> > http://www.blueboxpodcast.com <http://www.blueboxpodcast.com/> 
> >
> >
> > David Endler
> > VOIPSA Chairman
> > http://www.voipsa.org <http://www.voipsa.org/> 
> >
> > --About VOIPSA
> > The Voice over IP Security Alliance (VOIPSA) aims to provide VoIP
> > security related resources through a unique collaboration
> of VoIP and
> > Information Security vendors, providers, and thought
> leaders. VOIPSA's
> > mission is to drive adoption of VoIP by promoting the
> current state of
> > VoIP security research, VoIP security education and awareness, and
> > free VoIP testing methodologies and tools.
> > _______________________________________________
> > - The VoPSecurity Forum -
> >
> > To post a message to the mailing list send an email to [
> > voptalk_at_lists.vopsecurity.org ]
> >
>
>
> _______________________________________________
> - The VoPSecurity Forum -
>
> To post a message to the mailing list send an email to [
> voptalk_at_lists.vopsecurity.org ]
> **************************************************************
> ************************************
> The contents of this email and any attachments are confidential.
> They are intended for the named recipient(s) only.
> If you have received this email in error please notify the
> system manager or  the
> sender immediately and do not disclose the contents to anyone
> or make copies.
>
> ** eSafe scanned this email for viruses, vandals and
> malicious content. **
> **************************************************************
> ************************************
>
>


_______________________________________________
- The VoPSecurity Forum -

To post a message to the mailing list send an email to [
voptalk_at_lists.vopsecurity.org ]


-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 11542 bytes
Desc: not available
Url : http://lists.vopsecurity.org/pipermail/voptalk/attachments/20070328/82809d05/winmail.bin

More information about the Voptalk mailing list