30.3 Man-in-the-Middle Attacks > 30.3.4 Wiretapping Outgoing Calls - Pg. 769

CHAPTER 30 Security Issues in VoIP Telecommunication Networks

9. The process repeats, starting again from the sending of the misinformed INVITE message, until the phone registers with the attacker machine.

10. Meanwhile, the remote attacker, acting as the man-in-the-middle, forwards messages from the SIP phone to the Vonage server.

modified INVITE message with the attacker's IP address and port number to the SIP phone and forwards the RINGING and TRYING messages from the SIP phone to the SIP server. When the three-way handshake is complete, the remote attacker will be able to wiretap RTP streams between the SIP phone and the RTP server as MITM.

30.3.2. Exploiting Vulnerabilities

By exploiting the SIP vulnerability, a remote man-in-the-middle can do the following:

· Divert calls to any place on the Internet, allowing attackers to wiretap calls.
· Redirect a VoIP call to a third party without authorization.
· Launch billing attacks on VoIP users.
· Interrupt calls by sending BUSY and BYE.

30.3.4. Wiretapping Outgoing Calls

As Figure 30-9 shows, when a remote attacker receives the SIP INVITE message, he/she modifies the IP address and port number for the upcoming RTP stream and forwards it to the SIP server. The attacker then forwards INVITE messages and authentication messages with modified destination addresses. Once a TRYING message is forwarded from the server to the SIP phone,
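A defensive check for the INVITE rewrite described in 30.3.4, as an added example that is not from the book: it compares the SDP media endpoint of one INVITE captured on the phone's side and on the server's side and reports any change made in transit. The sample messages, the addresses, and the names `media_endpoints`, `detect_sdp_rewrite` and `trusted_relays` are constructed for illustration.

```python
import re

# Constructed sample: an INVITE as it left the SIP phone (documentation-range addresses).
INVITE_AT_PHONE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\no=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\ns=-\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
# Constructed sample: the same INVITE as captured on the server side, with the
# SDP media address and port changed somewhere on the path.
INVITE_AT_SERVER = (INVITE_AT_PHONE
                    .replace("c=IN IP4 192.0.2.10", "c=IN IP4 203.0.113.66")
                    .replace("m=audio 49170", "m=audio 40000"))


def media_endpoints(sip_message):
    """Return (call_id, [(ip, port), ...]) for the audio streams in the SDP body."""
    head, _, body = sip_message.partition("\r\n\r\n")
    match = re.search(r"^(?:Call-ID|i)\s*:\s*(\S+)", head, re.I | re.M)
    session_ip, streams = None, []
    for line in body.splitlines():
        if line.startswith("c="):                      # c=IN IP4 <addr>[/ttl]
            ip = line.split()[2].split("/")[0]
            if streams:
                streams[-1][0] = ip                    # media-level c= overrides
            else:
                session_ip = ip                        # session-level default
        elif line.startswith("m=audio"):               # m=audio <port> RTP/AVP ...
            streams.append([session_ip, int(line.split()[1].split("/")[0])])
    return (match.group(1) if match else None), [tuple(s) for s in streams]


def detect_sdp_rewrite(sent, received, trusted_relays=frozenset()):
    """Compare one INVITE seen at two vantage points; list unexpected media changes."""
    sent_id, sent_media = media_endpoints(sent)
    recv_id, recv_media = media_endpoints(received)
    if sent_id is None or sent_id != recv_id:
        raise ValueError("captures are not the same dialog (Call-ID mismatch)")
    findings = []
    for before, after in zip(sent_media, recv_media):
        # A trusted relay (e.g. the operator's own SBC) may legitimately rewrite SDP.
        if before != after and after[0] not in trusted_relays:
            findings.append((sent_id, before, after))
    return findings
```

Each finding is a `(call_id, endpoint_sent, endpoint_received)` tuple; an empty list means the media endpoint arrived unchanged or was rewritten only by an address listed in `trusted_relays`.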