Anatomy of Abuses of SIP Servers (Anatomia de Abusos a Servidores SIP)

  • João M. Ceron CERT.br
  • Klaus Steding-Jessen CERT.br
  • Cristine Hoepers CERT.br

Abstract


VoIP services have become increasingly popular in the past few years, and so has the number of attacks against them. Many of these attacks try to abuse the VoIP infrastructure and use it illegitimately. To improve current security mechanisms, it is important to understand the dynamics and characteristics of those attacks. This paper presents an analysis of VoIP service abuse attempts collected by a network of honeypots deployed in Brazil. Analyzing the abuses launched against the emulated services made it possible to identify their characteristics and the security measures that can prevent them.

Published
2013-11-11
CERON, João M.; STEDING-JESSEN, Klaus; HOEPERS, Cristine. Anatomia de Abusos a Servidores SIP. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 13., 2013, Manaus. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2013. p. 44-57. DOI: https://doi.org/10.5753/sbseg.2013.19535.
