Viop hacking (etical hacking)
Version 6 1 V i 6.1
Module XXXVIII VoIP Hacking
News
Source: http://www.itbusinessedge.com/
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St i tl P hibit d
Module Objective
This module will familiarize you with:
• • • • • • • VoIP VoIP Hacking Steps Footprinting Scanning Enumeration E ti Exploiting TheNetwork Covering The Tracks
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St i tl P hibit d
Module Flow
What is VoIP Enumeration
VoIP Hacking Steps Exploiting The Network Footprinting
Scanning
Covering The Tracks
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St i tl P hibit d
What is VoIP
Voice Over Internet Protocol (VoIP)refers to ( ) transmission of voice over IP based networks
Also known as “packet telephony packet telephony”
Uses IP protocol to route voice traffic
Voice is compressed using CODECS-hence bandwidth is utilized efficiently tili d ffi i tl Renowned for its low cost and advantageous to customers in i case of l f long di distance calls ll
EC-Council
All Ri ht R d R d ti Copyright © by EC-Council
i St i tl P hibit d
VoIP Hacking Steps
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St i tl P hibit d
VoIP Hacking Steps
Footprinting
Scanning
Enumeration
Exploiting the Network
EC-Council
All Ri ht R d R d ti Copyright © by EC-
Council
i St i tl P hibit d
Footprinting
EC-Council
All Ri ht R d R d ti
Copyright © by EC-Council
i St i tl P hibit d
Information Sources
Public Web site research
Google hacking
WHOIS and DNS analysis
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St i tl P hibit d
Unearthing Information
Information includes:
Organizational structure and corporate locations Help and tech support Job listings Domain name lookup Phone numbers and extensions VoIPvendor press releases and case studies Resumes Mailing lists and local user group postings Web-based VoIP logins
EC-Council
All Ri ht R d R d ti Copyright © by EC-
Council
i St i tl P hibit d
Organizational Structure and Corporate Locations
Hacker can guess names of employees working in an organization
Check for the location information for branch offices and corporate headquarters toknow the traffic flow between two VoIP call participants
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St i tl P hibit d
Help Desk
Check the sites that hold information from the help desks:
• Phone type yp • Default PIN numbers for voicemail • Links to web administration
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St i tl P hibit d
JobListings
Corporate web sites open up Job li i b i b listings that i l d the h include h information on the technologies used within an organization
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St i tl P hibit d
Phone Numbers and Extensions
Identify internal workings numbers and extensions
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St itl P hibit d
VoIP Vendors
VoIP vendor sites consists of case studies that gives you a detailed information about products and versions and so on
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St i tl P hibit d
Resumes
Resumes provide i f R id information such as: ti h
• Designed and set up a sop st cated S based Vo p oduct o es g ed a d sophisticated SIP-basedVoIP production Asterisk PBX with headsets and X-Lite softphones • "Provided security consulting, VPN setup, and VoIP assistance including CallManager installation with Cisco 7920 IP Phones"
EC-Council
All Ri ht R d R d ti
Copyright © by EC-
Council
i St i tl P hibit d
WHOIS and DNS Analysis
DNS is the distributed database system used to map IP addresses t i th di t ib t d d t b...
Regístrate para leer el documento completo.