[Voptalk] Need Clarification about VoIP packets

Dan Wing dwing at fuggles.com
Fri May 9 12:15:04 EDT 2008 

Mouza Al-Nayeli wrote:
> Hello,
> 
> I'm working on the SiVus tool to test the vulnerabilities and the 
> threats with the
> VoIP protocol specifically SIP. I'm trying to conduct the BYE attack 
> where I can
> hung up a call between 2 parties, but it is not working.
> 
> I'm running the entire environment in my machine. SIP Brekeke server + 2 
> soft phones
> and the SiVus tool, therefore, each phone will not work on the standard 
> port, but
> rather will use another random port number.
> 
> Let's say that the first phone has the infos below:
> 
> 1. 5555 <sip:5555 at 192.168.254.3:49152 <http://sip:5555@192.168.254.3:49152>>
> 
> and the second one:
> 
> 2. 9999 <sip:9999 at 192.168.254.3:14671 <http://sip:9999@192.168.254.3:14671>>
> 
> Now, I tried to send a BYE packet with the following information using 
> the SiVus tool:
> 
> BYE sip:9999 at 192.168.254.3 <mailto:sip%3A9999 at 192.168.254.3> SIP/2.0
> Via: SIP/2.0/UDP 192.168.254.3 <http://192.168.254.3>;branch=lkOJGmrbqvaqZ2
> From: 5555 <sip:5555 at 192.168.254.3:5060 
> <http://sip:5555@192.168.254.3:5060>>;tag=enDVjBvqIX
> To: 9999 <sip:9999 at 192.168.254.3:14671 
> <http://sip:9999@192.168.254.3:14671>>
> Call-ID: 9czBSnF3j5Wi at 192.168.254.3 <mailto:9czBSnF3j5Wi at 192.168.254.3>
> CSeq: 123456 BYE
> Contact: <sip:5555 at 192.168.254.3:5060 <http://sip:5555@192.168.254.3:5060>>
> Max_forwards: 70
> User-Agent: SIVuS Scanner
> Content-Type: application/sdp
> Subject: SiVuS Test
> Expires: 7200
> Content-Length: 0
> 
> 
> But it is not working, it didn't hung up the call, anyone has an idea 
> about the prob.??

For the BYE to cause the call to tear down, the Call-ID has to match the 
Call-ID between the two endpoints.

-d



> Looking forward a reply soon,
> -- 
> Mouza Al-Nayeli
> Information Security
> 200413011
> --------------------------------------------------------------------------------------------------------
> "Verily, Allah does not change people's condition unless they change their
> inner selves" Holy Quran
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> - The VoPSecurity Forum -
> 
> To post a message to the mailing list send an email to [
> voptalk_at_lists.vopsecurity.org ]

More information about the Voptalk mailing list